General
- Target: 0031a13d3a822223c32636da5a106897ab3a846d5b87194c5c3e6dd034f2d361.bin
- Size: 562KB
- Sample: 230311-25tqysdf81
- MD5: 55d00620a0f6d5ce81155052619640a9
- SHA1: a1aa8231e2e8fe35dccd1ec21666319f798151fa
- SHA256: 0031a13d3a822223c32636da5a106897ab3a846d5b87194c5c3e6dd034f2d361
- SHA512: 6b4c2e89b7dc61f70e8b8e2f01bee9f6a92129be5cddbdc16e6ebd3fa8b3d952f9352ad7f8023cc16faab5c891dbabc71f6b3545ea315dac2a9d0d058064b5e2
- SSDEEP: 12288:fMr9y90voWX3yJ6rHe7dOTH++YYy90ycgvEtOyUsNV:qyyoI3yoHeU+30ycgstOyjT
Static task
- static1

Behavioral task
- behavioral1
- Sample: 0031a13d3a822223c32636da5a106897ab3a846d5b87194c5c3e6dd034f2d361.exe
- Resource: win7-20230220-en

Behavioral task
- behavioral2
- Sample: 0031a13d3a822223c32636da5a106897ab3a846d5b87194c5c3e6dd034f2d361.exe
- Resource: win10v2004-20230220-en
Malware Config

Extracted
- redline
- fabio
- 193.233.20.27:4123
- auth_value: 56b82736c3f56b13be8e64c87d2cf9e5

Extracted
- redline
- fud
- 193.233.20.27:4123
- auth_value: cddc991efd6918ad5321d80dac884b40
Targets
- Target: 0031a13d3a822223c32636da5a106897ab3a846d5b87194c5c3e6dd034f2d361.bin
- Size: 562KB
- MD5: 55d00620a0f6d5ce81155052619640a9
- SHA1: a1aa8231e2e8fe35dccd1ec21666319f798151fa
- SHA256: 0031a13d3a822223c32636da5a106897ab3a846d5b87194c5c3e6dd034f2d361
- SHA512: 6b4c2e89b7dc61f70e8b8e2f01bee9f6a92129be5cddbdc16e6ebd3fa8b3d952f9352ad7f8023cc16faab5c891dbabc71f6b3545ea315dac2a9d0d058064b5e2
- SSDEEP: 12288:fMr9y90voWX3yJ6rHe7dOTH++YYy90ycgvEtOyUsNV:qyyoI3yoHeU+30ycgstOyjT

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext