General
- Target: 13776e859428f34747056d580115a3dc3b7fe26fc50e8a5458f12f027d330a0d
- Size: 780KB
- Sample: 230528-qrk14sff3z
- MD5: 0bd825392ea8f7ab2b1f55376480e8bf
- SHA1: 203627a3c274eb0bc34110683366868c7b96b82b
- SHA256: 13776e859428f34747056d580115a3dc3b7fe26fc50e8a5458f12f027d330a0d
- SHA512: a8641947256f2aafe3d91edfc6b66ba327e7b4baa3388c9ff9c4e7df4301890f9034a51f2f2fe2b6c7cb5828714d52f173e82d62f7a0fb942eb4a2edf88d6b2e
- SSDEEP: 12288:mMray90hqx2h2B1omupq953fSjcAH1e8P0PEtwK/LfaA+E/h5tP6:AyL0Ppi53KjcK1e8ltwwmXq/ty
Static task: static1
Behavioral task: behavioral1
- Sample: 13776e859428f34747056d580115a3dc3b7fe26fc50e8a5458f12f027d330a0d.exe
- Resource: win10-20230220-en
Malware Config
Extracted (family: redline, botnet: daswa)
- C2: 83.97.73.127:19062
- auth_value: a6ab6b8df5480a0bb295d3c069f67bf8
Extracted (family: redline, botnet: mirko)
- C2: 83.97.73.127:19062
- auth_value: 35111a095377107ec8b7d3e035831af8
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext