General
Target: 670c7ea2cdf1c556ef6be7b1f91c49eb25bae63c4e646e8f300609472e54ed0b
Size: 735KB
Sample: 230605-vvbztshg98
MD5: 236c6160a6c82bba4a0e2d1ad23632d9
SHA1: deec3fa40fb1e92c4d30ce582cc2b9cd19e0abc0
SHA256: 670c7ea2cdf1c556ef6be7b1f91c49eb25bae63c4e646e8f300609472e54ed0b
SHA512: 6810de657a8e4cd42431b716e0cfc1b443b083937852c209d44be14d2f2faf868cb07089a41ee6c6415f3c99392846166197cb9ddaada08e525acd4a8d4019d4
SSDEEP: 12288:zMrPy90DM3sdrLw14kMalKtMRS4Sl2VUpf+7uDLOsqt5UQkITOpM7IvP0JcaP1X:UyGM3s/9alK2RS41Z7IHl4OpM72i

Static task: static1

Behavioral task: behavioral1
Sample: 670c7ea2cdf1c556ef6be7b1f91c49eb25bae63c4e646e8f300609472e54ed0b.exe
Resource: win10v2004-20230221-en

Malware Config
Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a

Targets
Target: 670c7ea2cdf1c556ef6be7b1f91c49eb25bae63c4e646e8f300609472e54ed0b
Size: 735KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext