General

Target: 19ac755988d43e7a2f5dbb350f42f1b10e2b87769d648fb292b70f711af21945
Size: 735KB
Sample: 230606-c48faabg45
MD5: b909e9c251c601a63028d59aa2974f19
SHA1: 18300fd5e3c42c23d3bc3af68e547f2e23b47813
SHA256: 19ac755988d43e7a2f5dbb350f42f1b10e2b87769d648fb292b70f711af21945
SHA512: 4ac4e05cb20b0cafc198df9d5747910f255873769fe6641b30fb2e4412769e19b26ba87ea75f71f86a2d3a70ae846950eee61b531543a3f3585008807946cbb8
SSDEEP: 12288:OMrey90NrpOKgGa7D2nf5h/WAbrNBnF98pMj+7fZQZ0Crd3mRuZIQO:kygCGnOAbrvb8p/7fZQm82AqQO
Static task: static1
Behavioral task: behavioral1
Sample: 19ac755988d43e7a2f5dbb350f42f1b10e2b87769d648fb292b70f711af21945.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets

Target: 19ac755988d43e7a2f5dbb350f42f1b10e2b87769d648fb292b70f711af21945
Size: 735KB
MD5: b909e9c251c601a63028d59aa2974f19
SHA1: 18300fd5e3c42c23d3bc3af68e547f2e23b47813
SHA256: 19ac755988d43e7a2f5dbb350f42f1b10e2b87769d648fb292b70f711af21945
SHA512: 4ac4e05cb20b0cafc198df9d5747910f255873769fe6641b30fb2e4412769e19b26ba87ea75f71f86a2d3a70ae846950eee61b531543a3f3585008807946cbb8
SSDEEP: 12288:OMrey90NrpOKgGa7D2nf5h/WAbrNBnF98pMj+7fZQZ0Crd3mRuZIQO:kygCGnOAbrvb8p/7fZQm82AqQO
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext