General

Target: c7bf75dc5395e5623f80df6f9080632e.exe
Size: 736KB
Sample: 230606-cp6cdacc5y
MD5: c7bf75dc5395e5623f80df6f9080632e
SHA1: a376dabda615aed4258a5c88e5360b84b71271fe
SHA256: a831f4abfb429b97536aa52605d5e7405007ea5b2af185e6dcee9234c21804cc
SHA512: d3ad36a5085d8fc55f406790fbf28b2d477d2ee6e759875e90c0a054e457050e65dd8b7ece21d5fdfdde05de876727c6c249c5d4c79d223b2aaec5b302330871
SSDEEP: 12288:VMrKy90GXkxlINahTNCrvxyekItxPZ2sxMKyhH/sq0snucYgpp//NcdG:TyP0vYauvxDkIJ2sxM7hU/cYgj/NOG
Static task: static1
Behavioral task: behavioral1 (sample c7bf75dc5395e5623f80df6f9080632e.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample c7bf75dc5395e5623f80df6f9080632e.exe, resource win10v2004-20230221-en)
Malware Config

Extracted family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a

The C2 endpoint, botnet tag and auth_value are the actionable indicators here: the IP:port is suitable for network blocking and retro-hunting in proxy or NetFlow logs, while the botnet tag and auth_value only identify this campaign's build and should be matched against decoded configs or memory strings, not raw network traffic.
Targets

Target: c7bf75dc5395e5623f80df6f9080632e.exe (736KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value; the exact key and value name are not listed in this report)
- Suspicious use of SetThreadContext (an API pattern commonly associated with process hollowing and thread hijacking, consistent with the dropped EXE being used to host the payload)
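The extracted config and the behavioral signatures above are the two things an analyst would want to turn into checks. The following is an added example, not part of the sandbox report and not RedLine code: a small triage script that takes the report's hashes, C2 endpoint, botnet tag and auth_value as IOCs and matches them, together with the four signature behaviours, against a list of sandbox-style events. The event schema, the file paths, the process names and the benign 203.0.113.10 connection are all constructed for illustration (no real sandbox emits exactly this format).

```python
"""Triage sandbox-style events against the IOCs from this RedLine report.

Added example, not the report's or the malware's own code.  IOC values are
copied from the report; the event schema and SAMPLE_EVENTS are constructed.
"""
import hashlib

# --- IOCs taken from the report ---------------------------------------------
IOC_HASHES = {
    "md5": "c7bf75dc5395e5623f80df6f9080632e",
    "sha1": "a376dabda615aed4258a5c88e5360b84b71271fe",
    "sha256": "a831f4abfb429b97536aa52605d5e7405007ea5b2af185e6dcee9234c21804cc",
}
IOC_C2 = ("83.97.73.126", 19048)
IOC_BOTNET = "maxi"                                   # campaign tag, weak on its own
IOC_AUTH_VALUE = "6a3f22e5f4209b056a3fd330dc71956a"   # build-specific string

# Registry paths that the "Adds Run key" signature corresponds to.
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")


def hash_file_bytes(data: bytes) -> dict:
    """Compute the three hashes we compare against IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def hashes_match(observed: dict) -> list:
    """Return the algorithms whose observed digest equals the report's hash."""
    return [alg for alg, h in IOC_HASHES.items() if observed.get(alg, "").lower() == h]


def is_run_key(key: str) -> bool:
    """True for HKCU/HKLM ...\\CurrentVersion\\Run or RunOnce (any hive)."""
    k = key.lower().rstrip("\\")
    return any(k.endswith(suffix) for suffix in RUN_KEY_SUFFIXES)


def config_indicators(strings: list) -> set:
    """Which config IOCs appear in a list of strings (e.g. from a memory dump).

    The botnet tag is matched exactly because a substring match on "maxi"
    would hit unrelated words; auth_value and ip:port are matched as substrings.
    """
    found = set()
    c2 = f"{IOC_C2[0]}:{IOC_C2[1]}"
    for s in strings:
        if s == IOC_BOTNET:
            found.add("botnet")
        if IOC_AUTH_VALUE in s:
            found.add("auth_value")
        if c2 in s:
            found.add("c2")
    return found


def triage(events: list) -> list:
    """Walk events in order and emit one finding per signature/IOC hit."""
    dropped = set()          # lower-cased paths the sample wrote to disk
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            findings.append(f"executes dropped EXE: {ev['image']}")
        elif kind == "image_load":
            p = ev["path"].lower()
            if p in dropped and p.endswith(".dll"):
                findings.append(f"loads dropped DLL: {ev['path']}")
        elif kind == "reg_set" and is_run_key(ev["key"]):
            findings.append(f"Run key persistence: {ev['key']}\\{ev['value']} = {ev['data']}")
        elif kind == "api_call" and ev["api"] == "SetThreadContext":
            findings.append(f"SetThreadContext from {ev['process']} on pid {ev['target_pid']}")
        elif kind == "net_connect" and (ev["dst_ip"], ev["dst_port"]) == IOC_C2:
            findings.append(f"C2 contact {ev['dst_ip']}:{ev['dst_port']} from {ev['process']}")
        elif kind == "file_hash":
            hit = hashes_match(ev["hashes"])
            if hit:
                findings.append(f"known sample ({', '.join(hit)}): {ev['path']}")
    return findings


# Constructed events mimicking what the two behavioral tasks would record.
TMP = "C:\\Users\\user\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    {"type": "file_write", "path": TMP + "stage2.exe"},
    {"type": "file_write", "path": TMP + "helper.dll"},
    {"type": "process_create", "image": TMP + "stage2.exe"},
    {"type": "image_load", "path": TMP + "helper.dll"},
    {"type": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "stage2", "data": TMP + "stage2.exe"},
    {"type": "api_call", "process": "stage2.exe", "api": "SetThreadContext", "target_pid": 4321},
    {"type": "net_connect", "process": "stage2.exe", "dst_ip": "83.97.73.126", "dst_port": 19048},
    {"type": "net_connect", "process": "stage2.exe", "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "file_hash", "path": "c7bf75dc5395e5623f80df6f9080632e.exe",
     "hashes": {"sha256": IOC_HASHES["sha256"]}},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

Run against SAMPLE_EVENTS this yields six findings, one per signature plus the C2 and hash hits, and ignores the 203.0.113.10 connection. The hash check is exact and therefore only catches this build; pivoting on the SSDEEP value from the report (with the ssdeep library) or on the C2 endpoint is how related samples from the same campaign are found.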