General
-
Target
1d6b0e940f7b36bf6b05be50ac932c7f105362f8beea72d3c2e164ed2e31de28
-
Size
725KB
-
Sample
230606-1x2adsfh34
-
MD5
65147028cbd2fb76483618a895dfcfab
-
SHA1
0c778ba9334ddeb7b264e5ed70d55e131e000e21
-
SHA256
1d6b0e940f7b36bf6b05be50ac932c7f105362f8beea72d3c2e164ed2e31de28
-
SHA512
3619e2d604ffe31932afb03f3403be13a0e37a22212be8c64f071ab315a8d30f706f9ec43092ea8d543a5095470feb14ff36d8e322982eae94b8ba1f0c7f4756
-
SSDEEP
12288:VMrcy90xOQLIlbALJTrSGNRCfsSbQnddtcDWuSRh4MQn8EMEwZW/09VGyY:dySL9NvNRCUSbQDtcjSRhXAloQ
Static task
static1
Behavioral task
behavioral1
Sample
1d6b0e940f7b36bf6b05be50ac932c7f105362f8beea72d3c2e164ed2e31de28.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
1d6b0e940f7b36bf6b05be50ac932c7f105362f8beea72d3c2e164ed2e31de28
-
Size
725KB
-
MD5
65147028cbd2fb76483618a895dfcfab
-
SHA1
0c778ba9334ddeb7b264e5ed70d55e131e000e21
-
SHA256
1d6b0e940f7b36bf6b05be50ac932c7f105362f8beea72d3c2e164ed2e31de28
-
SHA512
3619e2d604ffe31932afb03f3403be13a0e37a22212be8c64f071ab315a8d30f706f9ec43092ea8d543a5095470feb14ff36d8e322982eae94b8ba1f0c7f4756
-
SSDEEP
12288:VMrcy90xOQLIlbALJTrSGNRCfsSbQnddtcDWuSRh4MQn8EMEwZW/09VGyY:dySL9NvNRCUSbQDtcjSRhXAloQ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-