General
Target: 5e370f6fddfce822088a875b74a98788ec813165da60c525774b3a793309c59a
Size: 764KB
Sample: 230526-nakmxafb62
MD5: 2f0a6c925c2a58d5d63fa46edde89fe5
SHA1: 385b14cbe3077674d190b9301d19d9c3ea917c2b
SHA256: 5e370f6fddfce822088a875b74a98788ec813165da60c525774b3a793309c59a
SHA512: 53d6e4aad0d749bcdb803c77053bad7a65cd1907c5efd69d2b16fc95119f455eeaa231f2aad9e623ee1bed91989e8394a49b50e194da2c19d992582d165cbd97
SSDEEP: 12288:IMr6y90mIabxzezYqj9wxt13YuEpAvyG32qL62mp4d7Pmd8LB6EEok:SyGatKzNmxt1HEpAP82a4pPmdoCL

Static task: static1
Behavioral task: behavioral1
Sample: 5e370f6fddfce822088a875b74a98788ec813165da60c525774b3a793309c59a.exe
Resource: win10-20230220-en
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint and differ only in botnet ID and auth_value.

Extracted: redline
Botnet: misa
C2: 83.97.73.122:19062
auth_value: 9e79529a6bdb4962f44d12b0d6d62d32

Extracted: redline
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run, so the payload is relaunched at logon.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: redirecting another thread's execution context is commonly seen in process injection and hollowing, so the behavioral run should be checked for a child process whose loaded image no longer matches its on-disk file.
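The indicators above (sample hashes, the shared C2 endpoint, and the Run-key persistence signature) can be turned directly into host-log detections. The following is an added example, not part of the sandbox output: it matches constructed Sysmon-style JSON events against the report's IOCs. The events are invented for illustration and use Sysmon's field names (EventID, Image, Hashes, DestinationIp, DestinationPort, TargetObject); the file paths, SIDs and PIDs in them are made up.

```python
import json
import re

# Indicators copied from this report: sample hashes and the RedLine C2
# endpoint shared by both extracted configs (botnets "misa" and "goga").
IOCS = {
    "sha256": {"5e370f6fddfce822088a875b74a98788ec813165da60c525774b3a793309c59a"},
    "md5": {"2f0a6c925c2a58d5d63fa46edde89fe5"},
    "c2": {("83.97.73.122", 19062)},
}

# Autorun location behind the "Adds Run key to start application" signature.
# Sysmon event 13 (RegistryEvent, value set) records writes to it.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.IGNORECASE
)


def parse_hashes(field):
    """Split a Sysmon 'Hashes' field ('SHA256=...,MD5=...') into a lowercase dict."""
    hashes = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            hashes[algo.strip().lower()] = value.strip().lower()
    return hashes


def check_event(ev):
    """Return (rule, detail) tuples for one Sysmon-style event dict."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the binary's hashes with the report
        h = parse_hashes(ev.get("Hashes", ""))
        if h.get("sha256") in IOCS["sha256"] or h.get("md5") in IOCS["md5"]:
            hits.append(("known_sample_executed", ev.get("Image", "")))
    elif eid == 3:  # network connection: match the extracted C2 ip:port
        dst = (ev.get("DestinationIp", ""), int(ev.get("DestinationPort", 0)))
        if dst in IOCS["c2"]:
            hits.append(("redline_c2_connection", "%s:%d" % dst))
    elif eid == 13:  # registry value set: any new value under a Run key
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", target))
    return hits


def scan(lines):
    """Scan JSON-lines Sysmon events and return one alert dict per indicator hit."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule, detail in check_event(ev):
            alerts.append({"rule": rule, "detail": detail, "pid": ev.get("ProcessId")})
    return alerts


# Constructed telemetry (not from the sandbox run): a process start carrying the
# report's hashes, a connection to the extracted C2, a Run-key write by a dropped
# executable, and two benign events that must not alert.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Users\\victim\\Downloads\\5e370f6fddfce822088a875b74a98788ec813165da60c525774b3a793309c59a.exe", "Hashes": "SHA256=5E370F6FDDFCE822088A875B74A98788EC813165DA60C525774B3A793309C59A,MD5=2F0A6C925C2A58D5D63FA46EDDE89FE5"}
{"EventID": 3, "ProcessId": 4120, "Image": "C:\\Users\\victim\\Downloads\\5e370f6fddfce822088a875b74a98788ec813165da60c525774b3a793309c59a.exe", "DestinationIp": "83.97.73.122", "DestinationPort": 19062}
{"EventID": 13, "ProcessId": 5208, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped"}
{"EventID": 3, "ProcessId": 1337, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": 443}
{"EventID": 1, "ProcessId": 1400, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000,MD5=00000000000000000000000000000000"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

Two caveats when using this against real telemetry. The hash and ip:port matches are the weakest indicators here: repacked builds change every hash, and RedLine operators rotate C2 hosts, so the Run-key rule (and a parent/child rule for the dropped EXE and DLL) will outlive them. Also, Sysmon logs registry writes but not reads, so the Uninstall-key enumeration behind "Checks installed software on the system" is not visible in event 13 and needs ETW registry tracing or EDR telemetry.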