General
Target: ce995f0c530fa8ff3e08a185637862bddf029a13984f57f323b22e5110697c62
Size: 764KB
Sample: 230526-m2r1mafb39
MD5: 5cf0a8fd9150b30894b2140ef256152e
SHA1: 53ace77b1cd75a0d188b26594fc4b76cad40ee04
SHA256: ce995f0c530fa8ff3e08a185637862bddf029a13984f57f323b22e5110697c62
SHA512: e2bce5f9474786a1cc6f70e8dafd82006baa0a9d1d1055d15fac4ba88c5d8365c54aa5086b1c0a7ccdc1beb621e672fefa5f5666c666740f09cbffd6abe21de6
SSDEEP: 12288:UMrEy90a+mmYdnIq/qcpp2QnPB1IyGJ3s0uB5fFOmp4dBtmd8LBtEal4:QywNYVIhkp1UwBpFOa4HtmdoXW
Static task: static1
Behavioral task: behavioral1
Sample: ce995f0c530fa8ff3e08a185637862bddf029a13984f57f323b22e5110697c62.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
disa
83.97.73.122:19062
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Extracted: redline
goga
83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
Target: ce995f0c530fa8ff3e08a185637862bddf029a13984f57f323b22e5110697c62
Size: 764KB
MD5: 5cf0a8fd9150b30894b2140ef256152e
SHA1: 53ace77b1cd75a0d188b26594fc4b76cad40ee04
SHA256: ce995f0c530fa8ff3e08a185637862bddf029a13984f57f323b22e5110697c62
SHA512: e2bce5f9474786a1cc6f70e8dafd82006baa0a9d1d1055d15fac4ba88c5d8365c54aa5086b1c0a7ccdc1beb621e672fefa5f5666c666740f09cbffd6abe21de6
SSDEEP: 12288:UMrEy90a+mmYdnIq/qcpp2QnPB1IyGJ3s0uB5fFOmp4dBtmd8LBtEal4:QywNYVIhkp1UwBpFOa4HtmdoXW
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext