General
Target: c09d619a7f9258ea6920c748a3ce0d3acdd8c2263f331b283ebef1faa75d5a5e
Size: 735KB
Sample: 230606-cz1vmsbg25
MD5: b4c79b260c394a87858eeb70f0e02907
SHA1: 7bcd4bffad94d2c7a885332d0fccad4424e34eaf
SHA256: c09d619a7f9258ea6920c748a3ce0d3acdd8c2263f331b283ebef1faa75d5a5e
SHA512: 3c23ab9e4bd8e25bbb24801e43dcade8150d11bdc8ee8c4569e696a05129fbee913a3029a9e1f613ef72d136ac28c72c681bf019c88e20851bf9c5e81914fa8e
SSDEEP: 12288:PMr6y90TVPTskc9a3fSU+4aVkk/4aoST0SsnUrdNhFYhKtCMuTaCFymN:Ny6lfc9a6U+OkPk85+M/pjq
Static task: static1
Behavioral task: behavioral1
Sample: c09d619a7f9258ea6920c748a3ce0d3acdd8c2263f331b283ebef1faa75d5a5e.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: c09d619a7f9258ea6920c748a3ce0d3acdd8c2263f331b283ebef1faa75d5a5e
Size: 735KB
MD5: b4c79b260c394a87858eeb70f0e02907
SHA1: 7bcd4bffad94d2c7a885332d0fccad4424e34eaf
SHA256: c09d619a7f9258ea6920c748a3ce0d3acdd8c2263f331b283ebef1faa75d5a5e
SHA512: 3c23ab9e4bd8e25bbb24801e43dcade8150d11bdc8ee8c4569e696a05129fbee913a3029a9e1f613ef72d136ac28c72c681bf019c88e20851bf9c5e81914fa8e
SSDEEP: 12288:PMr6y90TVPTskc9a3fSU+4aVkk/4aoST0SsnUrdNhFYhKtCMuTaCFymN:Ny6lfc9a6U+OkPk85+M/pjq
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext