General
- Target: file.exe
- Size: 735KB
- Sample: 230605-zapgmsbc8s
- MD5: 1c9179fad34aa4dd246b5ebd3539b7b1
- SHA1: 04d1a165e2e7dc2f1736223a9cfe1ad7aebacb6a
- SHA256: 05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976
- SHA512: ead9b21f1df264c0fff816a6e11eba1c747cf16bb7dcc65c766f203a848e31b7e882edfc36bee62f6e22eb0639470bed72022759012204c92fb5919251e60edd
- SSDEEP: 12288:hMrqy90LcnW2YHevd7sSQ3lcPnQgP7ya7NkVBV20IxE:DyA2YHevd7sSI2f5Pua+I0qE

Static task
- static1

Behavioral task
- behavioral1
  - Sample: file.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: file.exe
  - Resource: win10v2004-20230220-en

Malware Config
Extracted
- redline
- maxi
- 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: file.exe
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext