General
Target: 5e0e4bca649288093dd1865470015bcca2a0ce870d8fcf592129a5cfad56cf98
Size: 727KB
Sample: 230605-srf39shc97
MD5: 9c7d74257f46adbb1c5a9269dd1b2f60
SHA1: af1e79845ea93d0b1b77c7e517d401c212f879c1
SHA256: 5e0e4bca649288093dd1865470015bcca2a0ce870d8fcf592129a5cfad56cf98
SHA512: 4214b84b5d8d92fbf341dab60945482db20c39d513faeed19c03dd631ce79cad4f58ec7569a73916a7f376fd2eb36550c0b076715278addcb1ebe724d62a9d9d
SSDEEP: 12288:aMr3y90vJFH4a+r5ShTmjMztklEGp1C5fKvIEfsNWNEYy7Q9ORd1Jt7B:hyEDHCr5Bj4LSCFKhnNEYy7pRv
Static task: static1
Behavioral task: behavioral1
Sample: 5e0e4bca649288093dd1865470015bcca2a0ce870d8fcf592129a5cfad56cf98.exe
Resource: win10-20230220-en
Malware Config
Extracted family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 5e0e4bca649288093dd1865470015bcca2a0ce870d8fcf592129a5cfad56cf98
Size: 727KB
Score: 10/10
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext