General
Target: f630965e26d4944e1cb9998e3a872f96d79bec27a5966a002daa044e30cbf96e
Size: 803KB
Sample: 230528-tpaddaga2s
MD5: 3aba27546cfb995b1bd540e347eccac8
SHA1: 573dd267085451c4feb8bc400ba1ad0bf7b877bf
SHA256: f630965e26d4944e1cb9998e3a872f96d79bec27a5966a002daa044e30cbf96e
SHA512: 89112ba366a0d2bb7d0c812ba2e92b779fe40b7c22a9627e928ff06cb3f7be74814e52253cdcdf54dfb5a85f4c3d2a6614f40fecd3092e00f1644831af4dc892
SSDEEP: 12288:MMr/y90NfdBoDcQfru2Cr0O8gUHTYegNmDm/axel+u2l0Rm1jjiAU3t:LygfZQfru2CrkHPHDKoNF54

Static task: static1
Behavioral task: behavioral1
Sample: f630965e26d4944e1cb9998e3a872f96d79bec27a5966a002daa044e30cbf96e.exe
Resource: win10-20230220-en

Malware Config
Extracted: redline
diza
83.97.73.127:19045
auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Extracted: redline
metro
83.97.73.127:19045
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
Target: f630965e26d4944e1cb9998e3a872f96d79bec27a5966a002daa044e30cbf96e
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext