General
Target: 0eefba825ed9df5480f9a2defa04c70a75032b577e56708896ad67a0b4fe5398
Size: 580KB
Sample: 230604-xs1aradh61
MD5: 3807a40d47311173052d0d7b4a8e2d17
SHA1: dca087287596f24a31c79e9ea8f0906b9dc34aa3
SHA256: 0eefba825ed9df5480f9a2defa04c70a75032b577e56708896ad67a0b4fe5398
SHA512: d7708de19e3890de7bdcdc0591e48cc63a10193146f5423ab55109052bf3064656bce8082cdb572e98dcac6710b3af14cf768cf61adec7a50605ec309744322b
SSDEEP: 12288:QMrHy90xlDas0uGB9w0wQlw9aeYYGpou3YoPjnCXKMXGcUQLFKeyULAcrc:HyalDeXP+WYXYSG3EPpg
Static task: static1
Behavioral task: behavioral1
Sample: 0eefba825ed9df5480f9a2defa04c70a75032b577e56708896ad67a0b4fe5398.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19046
Attributes:
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.