General
- Target: c6606cf8ede8994309e39c7713a7fa236cf588f9f7cc460859b73f24a36eef16
- Size: 1.1MB
- Sample: 230514-vhb43aeg8s
- MD5: 83abd565ed3f03e64561915e9e688674
- SHA1: 5288d686d396d4c7fd85d796c26560feb04323a8
- SHA256: c6606cf8ede8994309e39c7713a7fa236cf588f9f7cc460859b73f24a36eef16
- SHA512: 9f69b481f5bc0622f65b7a6a5301580c4e39479414c5a8ee72036fc1b5098ab1c18caab560f5f87f9363f3aa99099718a3eef624ee7503b4dfcd3db3d3fbe422
- SSDEEP: 24576:dyIlHMnhWfsOijUVJNz9L5XPlBEP7r46o2U3D2C:4MHMnIfuUVJNJl/D+r46o2U3D
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: c6606cf8ede8994309e39c7713a7fa236cf588f9f7cc460859b73f24a36eef16.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline (botnet "derek"), C2 185.161.248.75:4132, auth_value c7030724b2b40537db5ba680b1d82ed2
- Extracted: redline (botnet "warum"), C2 185.161.248.75:4132, auth_value 0bdb2dda91dadc65f555dee088a6a2a4
Targets
- Target: c6606cf8ede8994309e39c7713a7fa236cf588f9f7cc460859b73f24a36eef16 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext