General
-
Target
e963fc3a6bd61887ae394ad6b2f0cbc9d48df1a8e23863fb48261b3779de31e6
-
Size
735KB
-
Sample
230605-ysjtfabb7s
-
MD5
b3addd12ca8d10c963bf87ad7a4b8c5f
-
SHA1
50b8fa5e52f5440cfb3738019f9e1937f06f6fbe
-
SHA256
e963fc3a6bd61887ae394ad6b2f0cbc9d48df1a8e23863fb48261b3779de31e6
-
SHA512
2852b80dbb141467eed8745c9ca4b89f2e472ba3699b1c8463bca11b45c458f631d4aa8b671f2b29d75f3ab70d93bf829e97b1960525cd34c7331f5f2e1a1fdd
-
SSDEEP
12288:hMrey90ok29pLyXog6EwsCJomEAjwkIbtCm+qYon3yo8KwyFnSGFnTKoUzz:Py7sog6EwsCJPHIs+rC8nFSAnTkz
Static task
static1
Behavioral task
behavioral1
Sample
e963fc3a6bd61887ae394ad6b2f0cbc9d48df1a8e23863fb48261b3779de31e6.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
e963fc3a6bd61887ae394ad6b2f0cbc9d48df1a8e23863fb48261b3779de31e6
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-