General
Target: 61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2
Size: 589KB
Sample: 241110-25g26axene
MD5: 7b191861f1ad52c386a418d43f6184d4
SHA1: 6702d8f517c4ef7340e95e6116591e35b3c745fd
SHA256: 61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2
SHA512: 4fd900234aa18fe6affeb5895bfed8107aafa7677ca4f371aae8a298a45320d98f579d9921515f93e3d82aa2634db586167495796fda0fa0b43444cf777fde3e
SSDEEP: 12288:GMr/y90xlIo7NOFrOg6FXvF9pgqlA2igfFDN1tswGnNdiwIR:1yi57NOFJ6RiqPiUpP0ihR
Static task: static1
Behavioral task: behavioral1
Sample: 61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
crypt1
176.113.115.17:4132
auth_value: 2e2ca7bbceaa9f98252a6f9fc0e6fa86
Extracted
redline
romik
193.233.20.12:4132
auth_value: 8fb78d2889ba0ca42678b59b884e88ff
Targets
Target: 61361f8c92eac4007b1281ce378ec28fc3978aafba90dd535a4d1ddc5328d7a2
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext