General

Target: 3ad0123690b3f59924c82ff86fde6ca90474b8ee8e395f7b9a4902922efd2705
Size: 736KB
Sample: 230606-dtpe4abh27
MD5: 4636d9e8bcc1a6d371204c04cc95ae18
SHA1: 7a6e6ca9b8983baf372a07e9de40454d91445101
SHA256: 3ad0123690b3f59924c82ff86fde6ca90474b8ee8e395f7b9a4902922efd2705
SHA512: 525d992de081c45b2e6ac26968ac3967615cb74dce91972a38f88c2d3673e9ecb57ce4dbd0887fa99e02b7740589ab7fce48725136cfc9de16f9567d7e7ab429
SSDEEP: 12288:TMrOy904y0hFYF6cnF27059C4Iy0EVqrTQv5s0qBNFk8O/T9/lV1T0LJH/hYmdX:By2OYF6cns6tVST85LqBy/ThlPTcpd9
Static task: static1
Behavioral task: behavioral1
  Sample: 3ad0123690b3f59924c82ff86fde6ca90474b8ee8e395f7b9a4902922efd2705.exe
  Resource (analysis VM image): win10v2004-20230220-en
Malware Config (extracted)

Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value (authorization token the client presents to the C2): 6a3f22e5f4209b056a3fd330dc71956a
Targets

Target: 3ad0123690b3f59924c82ff86fde6ca90474b8ee8e395f7b9a4902922efd2705 (736KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

Signatures:
RedLine
  RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020.
Executes dropped EXE
  The sample writes a further executable to disk and runs it.
Adds Run key to start application
  Persistence through a Software\Microsoft\Windows\CurrentVersion\Run autostart key; the report does not record the hive or the value name written.
Checks installed software on the system
  Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.
Suspicious use of SetThreadContext
  SetThreadContext rewrites another thread's register state; outside a debugger this is typical of process hollowing and related code-injection techniques.
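The extracted config and the behavioural signatures above give a hunter three concrete things to look for on an endpoint: the sample's file hashes, the C2 endpoint 83.97.73.126:19048, and a Run-key write made by the sample. The Python below is an added example, not part of the sandbox report: it correlates those indicators across Sysmon-style process-create, network and registry events. The events are constructed, and the process GUIDs, file paths and the Run value name are assumptions, since the report records none of them.

```python
"""Hunt for this report's RedLine indicators in Sysmon-style telemetry.

Added example, not part of the sandbox report. The hash and C2 indicators
come from the report above; the events below are constructed to mimic Sysmon
EventID 1 (process create), 3 (network connection) and 13 (registry value
set) records and are not real logs.
"""
import hashlib

# File hashes of the sample, copied from the report.
IOCS = {
    "md5": "4636d9e8bcc1a6d371204c04cc95ae18",
    "sha1": "7a6e6ca9b8983baf372a07e9de40454d91445101",
    "sha256": "3ad0123690b3f59924c82ff86fde6ca90474b8ee8e395f7b9a4902922efd2705",
}
# C2 endpoint from the extracted redline config (botnet "maxi").
C2 = ("83.97.73.126", 19048)
# Autostart keys behind the "Adds Run key" signature (HKCU or HKLM). The report
# does not record the value name written, so any write under these keys by an
# already-flagged process is reported.
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def file_hashes(data: bytes) -> dict:
    """Hash file contents with the algorithms the report lists, for local triage."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def parse_sysmon_hashes(field: str) -> dict:
    """Turn Sysmon's 'SHA1=..,MD5=..,SHA256=..' field into {'sha1': .., ...}."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def matching_algorithms(hashes: dict) -> list:
    """Return the algorithms whose value equals the sample's hash (sorted)."""
    return sorted(a for a, v in hashes.items() if IOCS.get(a) == v.lower())


def scan_events(events: list) -> list:
    """Return (event_index, finding) pairs for events matching the report's IOCs.

    A process whose image hash matches the sample is flagged; Run-key writes
    are attributed to it via ProcessGuid, so autostart entries written by
    other processes are not reported. A connection to the C2 IP:port is
    reported regardless of which process made it.
    """
    flagged, findings = set(), []
    for i, ev in enumerate(events):
        eid, guid = ev.get("EventID"), ev.get("ProcessGuid")
        if eid == 1:
            algos = matching_algorithms(parse_sysmon_hashes(ev.get("Hashes", "")))
            if algos:
                flagged.add(guid)
                findings.append((i, f"sample executed ({','.join(algos)} match): {ev.get('Image')}"))
        elif eid == 3:
            dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
            if dst == C2:
                findings.append((i, f"connection to RedLine C2 {dst[0]}:{dst[1]}"))
        elif eid == 13 and guid in flagged:
            target = ev.get("TargetObject", "").lower()
            if any(key in target for key in RUN_KEYS):
                findings.append((i, f"Run key persistence: {ev.get('TargetObject')}"))
    return findings


# Constructed telemetry (not real logs): the sample runs, a benign process also
# writes a Run value, then the sample adds its own Run value and contacts the C2.
# GUIDs, paths and the "Update" value name are assumptions.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{p1}",
     "Image": "C:\\Users\\user\\Desktop\\" + IOCS["sha256"] + ".exe",
     "Hashes": "SHA1=" + IOCS["sha1"].upper() + ",MD5=" + IOCS["md5"].upper()
               + ",SHA256=" + IOCS["sha256"].upper()},
    {"EventID": 1, "ProcessGuid": "{p2}", "Image": "C:\\Windows\\explorer.exe",
     "Hashes": "SHA256=" + "0" * 64},            # placeholder, not the sample
    {"EventID": 13, "ProcessGuid": "{p2}",       # benign autostart: ignored
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"},
    {"EventID": 13, "ProcessGuid": "{p1}",       # written by the flagged process
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Update"},
    {"EventID": 3, "ProcessGuid": "{p1}", "DestinationIp": "83.97.73.126", "DestinationPort": "19048"},
    {"EventID": 3, "ProcessGuid": "{p2}", "DestinationIp": "83.97.73.126", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for idx, text in scan_events(SAMPLE_EVENTS):
        print(f"event {idx}: {text}")
```

The C2 match is on the exact IP:port pair taken from the config; matching on the IP alone would also catch a port change by the operator, at the cost of flagging any other service hosted on that address. Run-key writes are only reported for a process already tied to the sample by hash, because autostart entries written by legitimate software are common and the report gives no value name to match on.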