General
- Target: a0bf2e9cda112a33e01e538a27e0eeffee84dfd1e71edcf063ba591b992a4670
- Size: 716KB
- Sample: 230606-2kwd2sge8t
- MD5: 406c5556d8c40ba45aa8e0384cda586e
- SHA1: fdc42dfc3f5f0d391529c410162e71995cbc481d
- SHA256: a0bf2e9cda112a33e01e538a27e0eeffee84dfd1e71edcf063ba591b992a4670
- SHA512: 4ff29899e5dfee2f409d58fc864beb826899e0aa5b99ec30062c1bce09a9ca885d53ccc50e17b832eea5336de297dcd81bbaf04c6222fffef2a5429c2b1456de
- SSDEEP: 12288:5MrFy90AKLb99P6XbZdpNVkzsCzrbXGVoy/apDu:sysb8ZLNVkzsCzPvyP
Static task: static1
Behavioral task: behavioral1
- Sample: a0bf2e9cda112a33e01e538a27e0eeffee84dfd1e71edcf063ba591b992a4670.exe
- Resource: win10v2004-20230221-en

Malware Config
Extracted
- redline
- maxi
- 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: a0bf2e9cda112a33e01e538a27e0eeffee84dfd1e71edcf063ba591b992a4670
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext