General
Target: a5cb4aebee183b1ca3687cac0257076a5a9e11a5003d5872e901b8f9a2a99a93
Size: 736KB
Sample: 230605-ws8fpaaf6w
MD5: be5aead78b1316fe7e441cf6f170a740
SHA1: 3d568d0ca6f02632cf448fda4873d053750b1085
SHA256: a5cb4aebee183b1ca3687cac0257076a5a9e11a5003d5872e901b8f9a2a99a93
SHA512: a27f02fd9033b0e1f455c522588ad81ee83434cdc83654441489f809b3d0fe7ab15772f8fd02a98ac7fa441ba90f7e1120b17a0cf8c3a73dbe258e116b608431
SSDEEP: 12288:sMrey90x7171Aw6CiTd71McYjc3NcDfpalF711PpvrVG5Ni2j7SQxXK+:SylX7uKCMt1Ppvk/nmQI+
Static task: static1
Behavioral task: behavioral1
Sample: a5cb4aebee183b1ca3687cac0257076a5a9e11a5003d5872e901b8f9a2a99a93.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext