General
Target: f8d528c5faa1d5151723b90901f3422d7f211526da17bd7e0adf45b882f49a0e
Size: 1.0MB
Sample: 230526-pbq2rafg9z
MD5: 8761ca7204938478690865d370eb0af5
SHA1: 8b2804852c82db01d4fe04c3f5c845c700b93a96
SHA256: f8d528c5faa1d5151723b90901f3422d7f211526da17bd7e0adf45b882f49a0e
SHA512: 7cf10a57c6f8715e1df2f71641c96d3f72ffeadbdd14765212b9c8c40b2e9be3eec68c745b8bf73543dc118209a00d9a5c6b3ce938f20c5a03483aea87a7c6fd
SSDEEP: 12288:YMrLy90yM0u//cu288pHvE+IqBbghEz5wXWA4dVwmd4LBAkt+cKr5066r4d73stb:zyaI5yqB474vwmdcLt+cK+r4yN5Ky

Static task: static1
Behavioral task: behavioral1
Sample: f8d528c5faa1d5151723b90901f3422d7f211526da17bd7e0adf45b882f49a0e.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: lisa
C2: 83.97.73.122:19062
auth_value: c2dc311db9820012377b054447d37949
Extracted
Family: redline
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Both extracted configs point at the same C2 endpoint and differ only in the botnet tag and auth_value, so they collapse to a single network indicator.
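As an added example (not part of the sandbox report or of any tooling it describes), the Python below turns the two extracted RedLine configs into a de-duplicated indicator set and runs it over constructed flow-log lines. The flow-log format, the sample flows and the function names (`parse_c2`, `build_iocs`, `match_flows`) are my own assumptions; the config values are the ones shown above.

```python
"""Added example (not part of the sandbox report): turn the extracted RedLine
configs into an indicator set and check constructed flow-log lines against it."""
import ipaddress
import re
from dataclasses import dataclass

# Values copied from the Malware Config section of the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "lisa", "c2": "83.97.73.122:19062",
     "auth_value": "c2dc311db9820012377b054447d37949"},
    {"family": "redline", "botnet": "goga", "c2": "83.97.73.122:19062",
     "auth_value": "6d57dff6d3c42dddb8a76dc276b8467f"},
]


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(value: str) -> C2:
    """Split 'host:port'. RedLine configs carry a bare IP, so anything that is
    not a valid address or TCP port is treated as a broken extraction."""
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {value!r}")
    ipaddress.ip_address(host)  # raises ValueError on junk
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"bad port in {value!r}")
    return C2(host, port_num)


def build_iocs(configs):
    """Collapse the configs into one de-duplicated indicator set. Two bot
    tags sharing an endpoint still yield a single C2 entry."""
    endpoints = {parse_c2(c["c2"]) for c in configs}
    return {
        "c2": endpoints,
        "c2_hosts": {e.host for e in endpoints},
        "auth_value": {c["auth_value"] for c in configs},
        "botnet": {c["botnet"] for c in configs},
    }


# Constructed flow-log format (assumption, not the report's):
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
FLOW_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def match_flows(lines, iocs, host_only=False):
    """Return (timestamp, src_ip, C2) for each flow that reaches a known C2.
    host_only=True also matches the C2 host on any port, which catches a
    rotated port at the cost of more noise if the host is shared."""
    hits = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # malformed lines neither match nor abort the scan
        ts, src, _sport, dst, dport, _proto = m.groups()
        dest = C2(dst, int(dport))
        if dest in iocs["c2"] or (host_only and dest.host in iocs["c2_hosts"]):
            hits.append((ts, src, dest))
    return hits


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    "2023-05-26T12:00:01Z 10.0.0.5:49812 -> 83.97.73.122:19062 TCP",
    "2023-05-26T12:00:02Z 10.0.0.5:49813 -> 83.97.73.122:443 TCP",
    "2023-05-26T12:00:03Z 10.0.0.7:50000 -> 203.0.113.10:80 TCP",
    "not a flow line",
    "2023-05-26T12:00:09Z 10.0.0.9:49900 -> 83.97.73.122:19062 TCP",
]

if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIGS)
    for hit in match_flows(SAMPLE_FLOWS, iocs):
        print(hit)
```

Exact host:port matching is the low-noise default; switching to `host_only=True` is the right call when the operator is known to rotate ports on the same server, but it will also flag unrelated traffic to that address if it is shared hosting.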
Targets
Target: f8d528c5faa1d5151723b90901f3422d7f211526da17bd7e0adf45b882f49a0e (the same sample as in General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state; outside debuggers it is mostly seen in process hollowing and similar injection, where a suspended thread's entry point is redirected into injected code.
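To show what the behaviour signatures above actually key on, the Python below re-derives each of them from a simplified process trace. This is an added example, not the sandbox's own signature engine: the event format, the trace lines, the `UNINSTALL_THRESHOLD` value and the function names (`parse`, `evaluate`) are my own assumptions, and the trace is constructed to mirror the report's signatures rather than captured output.

```python
"""Added example (not part of the sandbox report): re-derive the behaviour
signatures listed above from a simplified process trace."""
import re
from collections import defaultdict

# Constructed trace in an assumed format, one event per line:
#   "<pid> <api> <argument>"
TRACE = [
    r"1000 CreateFile C:\Users\user\AppData\Local\Temp\IXP000.TMP\stage2.exe",
    r"1000 CreateProcess C:\Users\user\AppData\Local\Temp\IXP000.TMP\stage2.exe",
    r"1004 RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
    r"1004 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1F2A}",
    r"1004 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"1004 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VLC",
    r"1004 SetThreadContext 1010",
    r"1010 SetThreadContext 1010",
    r"1010 CreateProcess C:\Windows\System32\notepad.exe",
]

EVENT_RE = re.compile(r"^(\d+) (\w+) (.+)$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\", re.IGNORECASE)
UNINSTALL_THRESHOLD = 3  # assumption: one lookup is routine, a sweep is not


def parse(trace):
    """Yield (pid, api, argument); lines that do not fit the format are skipped."""
    for line in trace:
        m = EVENT_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)


def evaluate(trace):
    """Map each signature name from the report to the events that support it."""
    hits = defaultdict(list)
    written = set()  # executables any pid wrote earlier in the trace
    uninstall_lookups = defaultdict(int)
    for pid, api, arg in parse(trace):
        key = arg.lower()
        if api == "CreateFile" and key.endswith(".exe"):
            written.add(key)
        elif api == "CreateProcess" and key in written:
            hits["Executes dropped EXE"].append((pid, arg))
        elif api == "RegSetValue" and RUN_KEY_RE.search(arg):
            hits["Adds Run key to start application"].append((pid, arg))
        elif api == "RegOpenKey" and UNINSTALL_RE.search(arg):
            uninstall_lookups[pid] += 1
            if uninstall_lookups[pid] == UNINSTALL_THRESHOLD:  # report once per pid
                hits["Checks installed software on the system"].append(
                    (pid, f"{UNINSTALL_THRESHOLD}+ Uninstall key lookups"))
        elif api == "SetThreadContext" and arg.isdigit() and int(arg) != pid:
            # A process rewriting a thread context in another process is the
            # hollowing/injection pattern; same-process use is routine and ignored.
            hits["Suspicious use of SetThreadContext"].append((pid, f"target pid {arg}"))
    return dict(hits)


if __name__ == "__main__":
    for name, events in evaluate(TRACE).items():
        print(name)
        for pid, detail in events:
            print(f"  pid {pid}: {detail}")
```

The Uninstall-key rule is deliberately threshold-based: a single lookup is something installers and updaters do all the time, while a sweep across many entries is the enumeration behaviour the report flags. The SetThreadContext rule fires only cross-process, which is the distinguishing feature of hollowing; a real engine would resolve thread IDs to owning processes rather than trusting a pid argument as this simplified trace does.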