General
Target: 04f7fefd1e1a7fd1c41833205b9fa2e4.exe
Size: 735KB
Sample: 230606-cp5qvacc5t
MD5: 04f7fefd1e1a7fd1c41833205b9fa2e4
SHA1: fa3c4eb9b429559c6dd4c270b16965e8dae31939
SHA256: 66b7df7b740edf84d18c3b692293dc19e5a108936f10537ad5e9324906c90e34
SHA512: 9a6fe1282cb08fc5e26dae8b5bf60641da510db4661f4cf89511d194d7bd404fa2faa05bc9ec6afad03c7b2f516dd8a534d28b1520fa4620a11cd3fa7e2a761b
SSDEEP: 12288:4Mruy90CidCE16JejWlEVFpkn+Z0nlFr6YNCLG7flGKd9d5f1Iy3YIDDeD6/qlXx:myAdn142Dqlx6DyUKd9TfW+ZDyTXx
Static task: static1
Behavioral task: behavioral1
  Sample: 04f7fefd1e1a7fd1c41833205b9fa2e4.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 04f7fefd1e1a7fd1c41833205b9fa2e4.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 04f7fefd1e1a7fd1c41833205b9fa2e4.exe (size and hashes as listed under General above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext