General
Target: 82edc1cb0a3b78686dc0c1d743c01caa71e3f4aa30ad0df10cd94aa572a24ff5
Size: 735KB
Sample: 230605-ztm3xsag88
MD5: 6dba847d52d5966dab44f97fceb70083
SHA1: dfc29685dc61d3cb1fb35e15bb8c93716d522c7f
SHA256: 82edc1cb0a3b78686dc0c1d743c01caa71e3f4aa30ad0df10cd94aa572a24ff5
SHA512: fb1904dfcaa7ee9ccb1602c4c9c0d263bdc96bb9999c4a108c24eb2b20f4b89b457addaca2c02fa1d3ae270ba6b8d1574737d6c9fd11f9db3cefc78169dd3994
SSDEEP: 12288:FMr+y90nrSYKyHgyqehfO/g+5aLdTo/mFhEr+L2TlHnZ3z0IHfSR+L:fyD5eheg+5kLuKiVnZYIHfSA
Static task: static1
Behavioral task: behavioral1
Sample: 82edc1cb0a3b78686dc0c1d743c01caa71e3f4aa30ad0df10cd94aa572a24ff5.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 82edc1cb0a3b78686dc0c1d743c01caa71e3f4aa30ad0df10cd94aa572a24ff5
Size: 735KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext