General
-
Target
412472aef182e10d0ec92e8b2a61c4b4.exe
-
Size
735KB
-
Sample
230606-cq4j6scc6y
-
MD5
412472aef182e10d0ec92e8b2a61c4b4
-
SHA1
bc931dfc2573dd6dad0d7396680dbe68ceeea148
-
SHA256
e9ed09e150516340dbb0d9560b74d72adb900166ecf7fc66aa41215efb7ebc71
-
SHA512
3ee93c0cf1af6626a0e7fb79c32820466419bc4ed87ecce7632d407db34f553b47ed5a53205b876f8eb8f188c6b95903041cd1b41f0b6450c37a9e3700740231
-
SSDEEP
12288:xMrVy90Pj8PeQtP2i87zRpKxn+w4RPGl/xFW2KqyTFP+1pmmp1bf7/:MyQj8mtd/zKxnHltJMP+1pmQT
Static task
static1
Behavioral task
behavioral1
Sample
412472aef182e10d0ec92e8b2a61c4b4.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
412472aef182e10d0ec92e8b2a61c4b4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
412472aef182e10d0ec92e8b2a61c4b4.exe
-
Size
735KB
-
MD5
412472aef182e10d0ec92e8b2a61c4b4
-
SHA1
bc931dfc2573dd6dad0d7396680dbe68ceeea148
-
SHA256
e9ed09e150516340dbb0d9560b74d72adb900166ecf7fc66aa41215efb7ebc71
-
SHA512
3ee93c0cf1af6626a0e7fb79c32820466419bc4ed87ecce7632d407db34f553b47ed5a53205b876f8eb8f188c6b95903041cd1b41f0b6450c37a9e3700740231
-
SSDEEP
12288:xMrVy90Pj8PeQtP2i87zRpKxn+w4RPGl/xFW2KqyTFP+1pmmp1bf7/:MyQj8mtd/zKxnHltJMP+1pmQT
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-