General
-
Target
bea6547e13a91dea30b43f7b50a6e95d8cbc285c9a2c397fa52d17ce8351cc30.exe
-
Size
2.3MB
-
Sample
240629-b5gtaa1drp
-
MD5
0b57430159e81d152455d3d2936f44e0
-
SHA1
245c53304354ad8c703b2dd4fce1cc1ec46573bb
-
SHA256
bea6547e13a91dea30b43f7b50a6e95d8cbc285c9a2c397fa52d17ce8351cc30
-
SHA512
c70103e599a534bd6aad4238df567223fc4d2a7b07632be09c42ea2f46e3c941523ead3b3ee27abe72445ded4e33a646421a176d82fab637b4b500782b629f40
-
SSDEEP
49152:IF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUYeaw1GlNOmTCbCuF:KroA7PxBOb
Static task
static1
Behavioral task
behavioral1
Sample
bea6547e13a91dea30b43f7b50a6e95d8cbc285c9a2c397fa52d17ce8351cc30.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
bea6547e13a91dea30b43f7b50a6e95d8cbc285c9a2c397fa52d17ce8351cc30.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
redline
foz
195.10.205.102:1912
Targets
-
-
Target
bea6547e13a91dea30b43f7b50a6e95d8cbc285c9a2c397fa52d17ce8351cc30.exe
-
Size
2.3MB
-
MD5
0b57430159e81d152455d3d2936f44e0
-
SHA1
245c53304354ad8c703b2dd4fce1cc1ec46573bb
-
SHA256
bea6547e13a91dea30b43f7b50a6e95d8cbc285c9a2c397fa52d17ce8351cc30
-
SHA512
c70103e599a534bd6aad4238df567223fc4d2a7b07632be09c42ea2f46e3c941523ead3b3ee27abe72445ded4e33a646421a176d82fab637b4b500782b629f40
-
SSDEEP
49152:IF50a6aPVOFMx3SmroCZscivbS6mqxEWoKmqZJffp3vSsqPUYeaw1GlNOmTCbCuF:KroA7PxBOb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Suspicious use of SetThreadContext
-