General

Target: 40c85ae969ffabd2e61ab26027dc515f.exe
Size: 735KB
Sample: 230606-c9aq7scd3z
MD5: 40c85ae969ffabd2e61ab26027dc515f
SHA1: 3dd377da7e0c8fd0a6c728173e69467e68649359
SHA256: cf9562f1f4b3a189173560854e6ef7a748b1bbcb6bb8f0b0f0947462ebadaacd
SHA512: d9f4a686499b1db2834e9fe9ac4315c3fbd1fd8b5b1118bb957494e143fb24f5f12b00c1851869ab3fbbf33c80b9be20577b935c6f1a5e2ab72aa0edf38483a3
SSDEEP: 12288:BMruy90L0z0JfmC16lIhvTab/sdAvveStsVrA6k6WNDdBzL0rrHeSOno:TyYT1lWbqTEsVrA6kXND/zwrHuo
Static task: static1
Behavioral task: behavioral1 (sample 40c85ae969ffabd2e61ab26027dc515f.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 40c85ae969ffabd2e61ab26027dc515f.exe, resource win10v2004-20230220-en)
Malware Config

Extracted family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets

Target: 40c85ae969ffabd2e61ab26027dc515f.exe (735KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. The extracted config above (C2 83.97.73.126:19048, botnet "maxi") is what ties this sample to that family.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: writes a value under a CurrentVersion\Run key so the payload starts at logon (persistence).
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system (host profiling; legitimate installers and inventory tools do this too, so treat it as supporting evidence, not a conviction on its own).
- Suspicious use of SetThreadContext: this API is commonly used for process hollowing and similar injection, where a suspended process has its thread context redirected to attacker-controlled code.
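As an added example (not part of this sandbox report), the following Python turns the indicators above into hunting logic: the hash set and the extracted C2 endpoint are hard matches, while writes to a Run key and queries of the Uninstall key (the two registry behaviours listed) are tracked per process as supporting evidence, since installers and inventory tools also produce them. The pipe-separated log format, the field names and the SAMPLE_LOG lines are constructed assumptions, not any vendor's schema.

```python
"""Hunt for this report's indicators across endpoint and network log lines.

Added example, not part of the sandbox report. The log format below is an
assumed, simplified pipe-separated format (ts|event|pid|k=v|...), not any
vendor's, and the SAMPLE_LOG lines are constructed for illustration.
"""
import re
from collections import defaultdict

# Indicators taken from the report: file hashes and the extracted C2.
HASH_IOCS = {
    "40c85ae969ffabd2e61ab26027dc515f",                                  # MD5
    "3dd377da7e0c8fd0a6c728173e69467e68649359",                          # SHA1
    "cf9562f1f4b3a189173560854e6ef7a748b1bbcb6bb8f0b0f0947462ebadaacd",  # SHA256
}
C2_ENDPOINTS = {("83.97.73.126", 19048)}

# Registry paths behind the "Adds Run key" and "Checks installed software"
# signatures in the report.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

HARD_TAGS = {"known_hash", "c2_connect"}  # matches that confirm this sample


def parse_line(line):
    """Parse one 'ts|event|pid|field=value|...' line into a dict (assumed format)."""
    parts = line.strip().split("|")
    ev = {"ts": parts[0], "event": parts[1], "pid": int(parts[2])}
    for kv in parts[3:]:
        key, _, value = kv.partition("=")
        ev[key] = value
    return ev


def classify(ev):
    """Return the tags a single event earns (empty list if none)."""
    tags = []
    kind = ev["event"]
    if kind == "process_create" and ev.get("hash", "").lower() in HASH_IOCS:
        tags.append("known_hash")
    if kind == "net_connect" and (ev.get("dst"), int(ev.get("dport", 0))) in C2_ENDPOINTS:
        tags.append("c2_connect")
    if kind == "reg_set" and RUN_KEY_RE.search(ev.get("key", "")):
        tags.append("run_key_persistence")
    if kind == "reg_query" and UNINSTALL_KEY_RE.search(ev.get("key", "")):
        tags.append("software_enum")
    return tags


def hunt(lines):
    """Correlate tags per pid.

    Returns (confirmed, suspicious): confirmed pids matched a hash or the C2;
    suspicious pids only showed the behaviours (persistence, enumeration),
    which legitimate installers also produce and so need a human look.
    """
    per_pid = defaultdict(set)
    for line in lines:
        if line.strip():
            ev = parse_line(line)
            per_pid[ev["pid"]].update(classify(ev))
    confirmed = {p: sorted(t) for p, t in per_pid.items() if t & HARD_TAGS}
    suspicious = {p: sorted(t) for p, t in per_pid.items() if t and not t & HARD_TAGS}
    return confirmed, suspicious


# Constructed log lines: pid 4120 behaves like the sample, pid 5000 is a
# benign installer enumerating software, pid 6000 is ordinary HTTPS traffic.
SAMPLE_LOG = r"""
2023-06-06T02:00:01Z|process_create|4120|image=C:\Users\u\Downloads\40c85ae969ffabd2e61ab26027dc515f.exe|hash=cf9562f1f4b3a189173560854e6ef7a748b1bbcb6bb8f0b0f0947462ebadaacd
2023-06-06T02:00:03Z|reg_query|4120|key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2023-06-06T02:00:04Z|reg_set|4120|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=updater
2023-06-06T02:00:05Z|net_connect|4120|dst=83.97.73.126|dport=19048
2023-06-06T02:01:00Z|process_create|5000|image=C:\Temp\setup.exe|hash=0000000000000000000000000000000000000000000000000000000000000000
2023-06-06T02:01:01Z|reg_query|5000|key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
2023-06-06T02:02:00Z|net_connect|6000|dst=203.0.113.5|dport=443
"""

if __name__ == "__main__":
    confirmed, suspicious = hunt(SAMPLE_LOG.splitlines())
    for pid, tags in confirmed.items():
        print(f"CONFIRMED pid {pid}: {', '.join(tags)}")
    for pid, tags in suspicious.items():
        print(f"REVIEW    pid {pid}: {', '.join(tags)}")
```

On the constructed log, pid 4120 comes back as confirmed with all four tags, pid 5000 is reported for review with only the Uninstall-key enumeration, and pid 6000 is not reported. Feeding real telemetry in means replacing parse_line with the parser for your own log schema; the classification and correlation logic do not depend on the format.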