General
- Target: 4922ba7ac074fc41ba141ff9fd2088de18d999460623e521d305cd6a5e795b11
- Size: 735KB
- Sample: 230606-bwktksca9x
- MD5: 15d0bdf345583efd9c9ca87fbfc540d8
- SHA1: 6950e27d49640275be0df433bceffa00a4107047
- SHA256: 4922ba7ac074fc41ba141ff9fd2088de18d999460623e521d305cd6a5e795b11
- SHA512: 75ec4c6dd1a592e762b3e2e2f8eb7d358c96821adc380497384dd743b54fdf948c1fe26e3b9075d6cc13b9477ab4bf8ae50a85c66b67dbd1fa95759decb29f17
- SSDEEP: 12288:iMr8y90hpP3roagjPzsPV55U5m03yrklBCcJvD3K4vhYczaR29YrS6wGozQ:iyYpP3rfFN5C5jyklwcJDK4v23eYrSxM
Static task: static1
Behavioral task: behavioral1
- Sample: 4922ba7ac074fc41ba141ff9fd2088de18d999460623e521d305cd6a5e795b11.exe
- Resource: win10v2004-20230220-en
Malware Config (extracted)
- Family: redline
- Botnet: maxi
- C2: 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: 4922ba7ac074fc41ba141ff9fd2088de18d999460623e521d305cd6a5e795b11 (735KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext