General
-
Target
102e2f601f3ccc07b45defdb548c5d2c6348ae9896033408c24645b4909bf490
-
Size
1.0MB
-
Sample
230522-tj9laahd96
-
MD5
0fcf2380ff3b6fe3708a83ec308e13e3
-
SHA1
be51e00286271820e1eaf1b495bbac9d37b671d4
-
SHA256
102e2f601f3ccc07b45defdb548c5d2c6348ae9896033408c24645b4909bf490
-
SHA512
734f9167f8c88cec8b33dbe86c3f214fcc58522828b39f5c79f113ff3a293d4934dab71712170219d6e2354565e21f6fbec96258a5ab8cf8460e2e2154aa9cf2
-
SSDEEP
24576:cyGIucuLWbDk5PI4mlIhnxAo/fBSnM1vsdHsk:LGIe+gdmIhnb/fBSnbFs
Static task
static1
Behavioral task
behavioral1
Sample
102e2f601f3ccc07b45defdb548c5d2c6348ae9896033408c24645b4909bf490.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
dix
77.91.124.251:19065
-
auth_value
9b544b3d9c88af32e2f5bf8705f9a2fb
Targets
-
-
Target
102e2f601f3ccc07b45defdb548c5d2c6348ae9896033408c24645b4909bf490
-
Size
1.0MB
-
MD5
0fcf2380ff3b6fe3708a83ec308e13e3
-
SHA1
be51e00286271820e1eaf1b495bbac9d37b671d4
-
SHA256
102e2f601f3ccc07b45defdb548c5d2c6348ae9896033408c24645b4909bf490
-
SHA512
734f9167f8c88cec8b33dbe86c3f214fcc58522828b39f5c79f113ff3a293d4934dab71712170219d6e2354565e21f6fbec96258a5ab8cf8460e2e2154aa9cf2
-
SSDEEP
24576:cyGIucuLWbDk5PI4mlIhnxAo/fBSnM1vsdHsk:LGIe+gdmIhnb/fBSnbFs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-