General
Target: 00538f2d1e0ed3b2a627b1feed14007e7b74d802fce46dcf36fc057e3240cb4b.bin
Size: 562KB
Sample: 230311-24pqlsdf3s
MD5: 6f61f70b024da57c34c4214619a70d8c
SHA1: 1551099a680841af009d1fb835627519fff472f0
SHA256: 00538f2d1e0ed3b2a627b1feed14007e7b74d802fce46dcf36fc057e3240cb4b
SHA512: 1442f42c252bc5803f24da54274475693b6115043a343e07feb1ce774d3a7d1c04c8c2ed3e9a9ed32e2f2bfa573833a8c43fe03d60caca0ea140556fc9cdf320
SSDEEP: 12288:GMrly90bKVjvDSTH5AVDjCvYYyo0AcFvjnOff3:fyIAvDST+FC/0AcFLnOH3
Static task: static1
Behavioral task: behavioral1
Sample: 00538f2d1e0ed3b2a627b1feed14007e7b74d802fce46dcf36fc057e3240cb4b.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 00538f2d1e0ed3b2a627b1feed14007e7b74d802fce46dcf36fc057e3240cb4b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: fabio
C2: 193.233.20.27:4123
auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Extracted: redline
Botnet: fud
C2: 193.233.20.27:4123
auth_value: cddc991efd6918ad5321d80dac884b40
Targets
Target: 00538f2d1e0ed3b2a627b1feed14007e7b74d802fce46dcf36fc057e3240cb4b.bin
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext