General
  Target: 35097bc1970cea6f2784e31df6c83c67c607e544881b046b4d5d4ace906b4811
  Size: 1.0MB
  Sample: 230526-pcyg8afd38
  MD5: 839cc5c66e9460e47fce2f7842f251e0
  SHA1: db88da6dfda3128987f39afc3a6c026f85865992
  SHA256: 35097bc1970cea6f2784e31df6c83c67c607e544881b046b4d5d4ace906b4811
  SHA512: cfb92715a2158d5a71c6ea4a3bdd55c3489a6af5a1d39b62cfe5c5c3e215ebcda5c7b62f559c9068ce233819be3e2524e709c2000d2099560621de823ef4d8b7
  SSDEEP: 24576:BySt0GFu8eItjibn34VemdR5/IlQ2fZICH6B02Q2LhS:0fgZ8bnaemdR5/IC2fl2Q4

Static task: static1

Behavioral task: behavioral1
  Sample: 35097bc1970cea6f2784e31df6c83c67c607e544881b046b4d5d4ace906b4811.exe
  Resource: win10-20230220-en

Malware Config
  Extracted: redline
    lisa
    83.97.73.122:19062
    auth_value: c2dc311db9820012377b054447d37949
  Extracted: redline
    goga
    83.97.73.122:19062
    auth_value: 6d57dff6d3c42dddb8a76dc276b8467f

Targets
  Target: 35097bc1970cea6f2784e31df6c83c67c607e544881b046b4d5d4ace906b4811
  Size: 1.0MB
  MD5: 839cc5c66e9460e47fce2f7842f251e0
  SHA1: db88da6dfda3128987f39afc3a6c026f85865992
  SHA256: 35097bc1970cea6f2784e31df6c83c67c607e544881b046b4d5d4ace906b4811
  SHA512: cfb92715a2158d5a71c6ea4a3bdd55c3489a6af5a1d39b62cfe5c5c3e215ebcda5c7b62f559c9068ce233819be3e2524e709c2000d2099560621de823ef4d8b7
  SSDEEP: 24576:BySt0GFu8eItjibn34VemdR5/IlQ2fZICH6B02Q2LhS:0fgZ8bnaemdR5/IC2fl2Q4

  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  Executes dropped EXE
  Adds Run key to start application
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Suspicious use of SetThreadContext