General
- Target: c25765699476b26c8e9035ff99ea5eb5279177e0b6630b8c13285f69ea94789d
- Size: 733KB
- Sample: 230605-wrgxcaaa69
- MD5: 86ffbeefff7f5462103e23af183ce9c8
- SHA1: 4a3a2a2496c707858f33c7012e5d1a7117947888
- SHA256: c25765699476b26c8e9035ff99ea5eb5279177e0b6630b8c13285f69ea94789d
- SHA512: 889360c39ba5cc6da7d5e1d7ced706d1b7597e8ec793a6edc1c2c0e411fee0751eff9e65ee23cf5fadf33e850c0d24d6272cd1e080ef315b2a953d04ee1826c2
- SSDEEP: 12288:eMryy90+zAyPr6i4qrmjwib9Prn32RmJ9iIiSjWLplS9ed:4yjvxrmjwib9PzGRmK1S6lSa
Static task: static1
Behavioral task: behavioral1
Sample: c25765699476b26c8e9035ff99ea5eb5279177e0b6630b8c13285f69ea94789d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxi
83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: c25765699476b26c8e9035ff99ea5eb5279177e0b6630b8c13285f69ea94789d
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext