General
-
Target
2024-11-11_6338fe6cfdce82783854fd3e5865a19a_avoslocker_cobalt-strike_luca-stealer
-
Size
724KB
-
Sample
241111-b8g88azfpa
-
MD5
6338fe6cfdce82783854fd3e5865a19a
-
SHA1
c096d34a1393ceb386142f951ad0d12bd139f811
-
SHA256
5efe7599d26de299d2b9050d52238c660af9eacadac4d424320c2099215ea67c
-
SHA512
8b85c51a4f076682087e9c1a29fe4c5236b54b0c83da4684dc6fb4481416c4e2c6b1baea24ddb4b5931383b710d0318413edf7d27ecbb83145a3148817ed9402
-
SSDEEP
12288:AHLuCDNEACnE2D51k5XLL4n4EiDEx5ORWZ0lLY+c6V9uaULuvQvv3LVszuuLkpF:AHLu0NEACnEA2EiQxwRWZkowQvpLuLkz
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-11_6338fe6cfdce82783854fd3e5865a19a_avoslocker_cobalt-strike_luca-stealer.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2024-11-11_6338fe6cfdce82783854fd3e5865a19a_avoslocker_cobalt-strike_luca-stealer.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
2024-11-11_6338fe6cfdce82783854fd3e5865a19a_avoslocker_cobalt-strike_luca-stealer
-
Size
724KB
-
MD5
6338fe6cfdce82783854fd3e5865a19a
-
SHA1
c096d34a1393ceb386142f951ad0d12bd139f811
-
SHA256
5efe7599d26de299d2b9050d52238c660af9eacadac4d424320c2099215ea67c
-
SHA512
8b85c51a4f076682087e9c1a29fe4c5236b54b0c83da4684dc6fb4481416c4e2c6b1baea24ddb4b5931383b710d0318413edf7d27ecbb83145a3148817ed9402
-
SSDEEP
12288:AHLuCDNEACnE2D51k5XLL4n4EiDEx5ORWZ0lLY+c6V9uaULuvQvv3LVszuuLkpF:AHLu0NEACnEA2EiQxwRWZkowQvpLuLkz
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Suspicious use of SetThreadContext
-