General
Target: FL Studio.zip
Size: 4.4MB
Sample: 220525-xd4pmacdf6
MD5: 7cdb5138bb2c77e738dc2f4d44e77914
SHA1: 63c2622261b32159a2d6e27b93637adac541a351
SHA256: 3aadd92795daa18b5eecb1c387a1c9bab60cfc427fbce23e61d947b116d0ada4
SHA512: 0ab177ca40cd86c4d2ab6b4869e655eb037a828af54bfd4ad3aae02b6014a857eca5414a24e4a95e15a648ecb1340b6616a437cca12e5234dd5083433ef4f07d
Static task: static1
Behavioral task: behavioral1
Sample: FL Studio/FL Studio 3.2.0.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
1: 185.106.92.81:16312
auth_value: 54b1ff720bb86daceb65cf07d4d5ae88
Targets
Target: FL Studio/FL Studio 3.2.0.exe
Size: 391.3MB
MD5: b0c5ae4dec5a28e5c27ee33e2e1ab240
SHA1: d84c677bbcc05a6d28001566196f43374dfec74e
SHA256: 792ea90eb358df40c67fb494300cd97397375f7ec46ef6311cfff06f7fa58de0
SHA512: dbe14ada46abd5b86fcc54e828876410b1223682a832b091e3cca31d40269f06554c3e5ad7ce043ab231856f0ae0ff7d539d1f88cf0140062c186335e95f7e05
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext