General
-
Target
5cb92453d2766c3c6aaa512a17930bbb49345351076913f18ec0f0fbe35be5b4
-
Size
723KB
-
Sample
230606-1q2btagd6w
-
MD5
c86549610822ae7ef212b0e8787240d3
-
SHA1
a8005989483e998874b66b5d39ae2c17f1fd4f32
-
SHA256
5cb92453d2766c3c6aaa512a17930bbb49345351076913f18ec0f0fbe35be5b4
-
SHA512
8a3fc68a4d682a702af65ccbb483cbda25cc7e1249926b57b2002a27b3614ae9fa5bec2d73ee19f45aa52bb1e888deaab349fae950c90bfe129d33efef9385a6
-
SSDEEP
12288:sMrQy9067K78b+xREk54IdxzjiJrWRFKNZqzA5lik0zQCeq1IWYxTxmv1dDTe:syhW4b+xRP54IniyR8NZAnPQuIhnmbS
Static task
static1
Behavioral task
behavioral1
Sample
5cb92453d2766c3c6aaa512a17930bbb49345351076913f18ec0f0fbe35be5b4.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
5cb92453d2766c3c6aaa512a17930bbb49345351076913f18ec0f0fbe35be5b4
-
Size
723KB
-
MD5
c86549610822ae7ef212b0e8787240d3
-
SHA1
a8005989483e998874b66b5d39ae2c17f1fd4f32
-
SHA256
5cb92453d2766c3c6aaa512a17930bbb49345351076913f18ec0f0fbe35be5b4
-
SHA512
8a3fc68a4d682a702af65ccbb483cbda25cc7e1249926b57b2002a27b3614ae9fa5bec2d73ee19f45aa52bb1e888deaab349fae950c90bfe129d33efef9385a6
-
SSDEEP
12288:sMrQy9067K78b+xREk54IdxzjiJrWRFKNZqzA5lik0zQCeq1IWYxTxmv1dDTe:syhW4b+xRP54IniyR8NZAnPQuIhnmbS
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-