General
Target: 58c136f2001574f2486f1382ba28c0ab23ecd4000173a04c633514a57d770094
Size: 1.0MB
Sample: 230526-r39paafh66
MD5: a3f1963e31310c419e1f308e79d2e60c
SHA1: 85c6e1565c0f03d4a63ca841bd602cf850339e41
SHA256: 58c136f2001574f2486f1382ba28c0ab23ecd4000173a04c633514a57d770094
SHA512: 403e474fc9afcd5fbe246f7491d02ff133430db416e983feaf7a11d165bbb36d8e24b3a2c21fe65ae3a228da4c37e8aaeb81cebc007d29a6e456a60ca2f3dd54
SSDEEP: 24576:rybybHv14aS0H64ZoQNR743gmdEecE3tfePFvup1DUA:em7v0464ZoQNR8gmdEecCCEp1
Static task: static1
Behavioral task: behavioral1
Sample: 58c136f2001574f2486f1382ba28c0ab23ecd4000173a04c633514a57d770094.exe
Resource: win10-20230220-en
Malware Config
Extracted (redline)
Botnet: lisa
C2: 83.97.73.122:19062
auth_value: c2dc311db9820012377b054447d37949
Extracted (redline)
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
Target: 58c136f2001574f2486f1382ba28c0ab23ecd4000173a04c633514a57d770094
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext