General
Target: e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8
Size: 771KB
Sample: 230528-fk1g4seg4y
MD5: 1aecb86ea16d7e1ded70c465207c24a3
SHA1: cc71a6f5134a9a218d9ba827ee4af1faed25c8cf
SHA256: e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8
SHA512: f575e369ffc36c7d57fc9a7d21a4ba7ae8bb2303b994f5f561d00b4005b58886aa74c3ceb64ae39446fa08ae03a4bcac16b45816b1228638468752612b191937
SSDEEP: 12288:hMrWy90VFKH8PyDcxSlKBvD5hrtbppw4+lodEWwUV9PymmvpivOLnbr:DyAAcklKB75h1w/0ENUV9ybkvybr
Static task: static1
Behavioral task: behavioral1
Sample: e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
- dura
- 83.97.73.127:19062
- auth_value: 44b7d6fb9572dea0d64d018139c3d208
Extracted: redline
- heroy
- 83.97.73.127:19062
- auth_value: b2879468e50d2d36e66f1a067d4a8bb3
Targets
Target: e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext