General

Target: 226202b4ba98b15724602ef42dfb1e6e0e8f34379b84cd9cca0fb5c51b818d82
Size: 628KB
Sample: 230604-vss6bsch28
MD5: 6155d26477fc0a4edd8605f1dd81f940
SHA1: 2806c9c3b58d96c4d8820873ac2c35fd2b91ba13
SHA256: 226202b4ba98b15724602ef42dfb1e6e0e8f34379b84cd9cca0fb5c51b818d82
SHA512: 080d56c033e37fa96ad4823b0ecb63a4ccface46eac12d537eac543404ed6ff9efdb4c51c97435f47e6f0db4baa404cdf63f2a559f1fdd2ffb5685011bbcea08
SSDEEP: 12288:cMrTy90uJ2COxSOjMgxMfhADn9x6xD7HnCrOybe+52YCf:XyLjESOIgxshMn67HCrfK+5K
Static task: static1
Behavioral task: behavioral1
Sample: 226202b4ba98b15724602ef42dfb1e6e0e8f34379b84cd9cca0fb5c51b818d82.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19046
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets

Target: 226202b4ba98b15724602ef42dfb1e6e0e8f34379b84cd9cca0fb5c51b818d82
Size: 628KB
MD5: 6155d26477fc0a4edd8605f1dd81f940
SHA1: 2806c9c3b58d96c4d8820873ac2c35fd2b91ba13
SHA256: 226202b4ba98b15724602ef42dfb1e6e0e8f34379b84cd9cca0fb5c51b818d82
SHA512: 080d56c033e37fa96ad4823b0ecb63a4ccface46eac12d537eac543404ed6ff9efdb4c51c97435f47e6f0db4baa404cdf63f2a559f1fdd2ffb5685011bbcea08
SSDEEP: 12288:cMrTy90uJ2COxSOjMgxMfhADn9x6xD7HnCrOybe+52YCf:XyLjESOIgxshMn67HCrfK+5K

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext