General
- Target: 235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
- Size: 358KB
- Sample: 230321-mjyqfsbg5v
- MD5: fabd8e2fc50a1e1227338165235c483b
- SHA1: 7371dc82e7b82b8a76b449c41c302643f6f612f4
- SHA256: 235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
- SHA512: c46c621e78c6f68d9de7ef5704d09ab825f3f580df1e95b075b8daceeeead32a11c26c31560296be10d3d01e36239eb7845b8055c485703c606eb1e7b1366d78
- SSDEEP: 6144:uBqALixitlVx98tQ9Pw4g/c7LmsSN3ln4ruaF92xt2:uBqA8itlH9c7dk7kJwCx
Static task
- static1

Malware Config
Extracted
- redline
- fronx2
- fronxtracking.com:80
- auth_value: 0a4100df2644a6a6582137d2da2c8bd1
Targets
- Target: 235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
- Size: 358KB
- MD5: fabd8e2fc50a1e1227338165235c483b
- SHA1: 7371dc82e7b82b8a76b449c41c302643f6f612f4
- SHA256: 235867b3f9536427999e51faf4eb26558d53cf7cecf7fe3a16264ba9bd4142dd
- SHA512: c46c621e78c6f68d9de7ef5704d09ab825f3f580df1e95b075b8daceeeead32a11c26c31560296be10d3d01e36239eb7845b8055c485703c606eb1e7b1366d78
- SSDEEP: 6144:uBqALixitlVx98tQ9Pw4g/c7LmsSN3ln4ruaF92xt2:uBqA8itlH9c7dk7kJwCx

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext