General
Target: 6f0cc5b7785777820a4c89b7181d6ecd046de476b210ed6e8bfc5fde562097e8
Size: 735KB
Sample: 230605-1vwxwsbe4z
MD5: a3bd926eda447168bb1f590d72fed995
SHA1: 6268c45d6d73c17c39f5ac29b9965c93fb25188b
SHA256: 6f0cc5b7785777820a4c89b7181d6ecd046de476b210ed6e8bfc5fde562097e8
SHA512: db850d6c5cd924b34a2b698187de708d5e0fdb9f36579648221260cc702b00b5205e33b962db47650e2b6e7568fd8ed57e6c4d5c4e154f00d104c27721d20866
SSDEEP: 12288:MMrSy902plckNOgc4MXqdF/v215utIDmbC9vUXYsiQ0W+ouxcD9QxkG9GIzWx4eb:myDZc6rMMlC9KjMG0W5sI
Static task: static1
Behavioral task: behavioral1
Sample: 6f0cc5b7785777820a4c89b7181d6ecd046de476b210ed6e8bfc5fde562097e8.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 6f0cc5b7785777820a4c89b7181d6ecd046de476b210ed6e8bfc5fde562097e8
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext