General
Target: 19270ffe391dc548dd1302f2f2866ff77465284b79b0543ac140f6c56b49cff3
Size: 736KB
Sample: 230606-b4z88scb5s
MD5: 8d29edc31692cece0b31aec70a1dc48e
SHA1: a3cb1a9061e2a9a5c8a89d56cd358d0a76cf8b4d
SHA256: 19270ffe391dc548dd1302f2f2866ff77465284b79b0543ac140f6c56b49cff3
SHA512: cf76a6a7f9b6a37555ed85e8db43b3fced375910903747628f68da591dde607567fbae118c66113a7015e9e899e244effbbff416eafcc7b864a2c2ae83dcb2cc
SSDEEP: 12288:mMroy90tgd2a9wkHWRf5edWi8nAsGAVNuOOUky0jVZkk5Acc:6yegd2al2RYdWXLoODky0t5E
Static task: static1
Behavioral task: behavioral1
Sample: 19270ffe391dc548dd1302f2f2866ff77465284b79b0543ac140f6c56b49cff3.exe
Resource: win10v2004-20230220-en
Malware Config (extracted)
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext