General

Target: 81768de38ce302d10041c419691a4181c1a26d7bf2b05c94919b277bd91ffd04
Size: 735KB
Sample: 230606-ebg4qsce3w
MD5: aeeb8a5443318465235ee20862092762
SHA1: c0fb85a50c87a11203c3429bf626ae596536aaa5
SHA256: 81768de38ce302d10041c419691a4181c1a26d7bf2b05c94919b277bd91ffd04
SHA512: 885274d14d2444925097e477769e588fba1849054063c203318ad3f0137a13871d15fb65b88c8ab5c736c3e25ae1111b640ba1c4e148ea2207cd86d5f2331241
SSDEEP: 12288:oMrSy90HBrqo+p6zX3rW70nIjafx8qozQV626QRB2qiFVqFO/2tsiWm:ayKpnPLfx8J8V62av+OOtDWm

Static task: static1
Behavioral task: behavioral1
Sample: 81768de38ce302d10041c419691a4181c1a26d7bf2b05c94919b277bd91ffd04.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets

Target: 81768de38ce302d10041c419691a4181c1a26d7bf2b05c94919b277bd91ffd04 (735KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE
A file the sample wrote to disk during the run was subsequently started as a process.

Adds Run key to start application
Writes a value under a ...\Microsoft\Windows\CurrentVersion\Run key so the program is launched again at user logon.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext is flagged because it is the API that injectors and process-hollowing loaders use to point a suspended thread at code they have written into a process; the report records only the call, not what was injected or where.
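As an added example (not part of the sandbox report and not code from the RedLine family or the sandbox vendor), the Python script below turns the indicators and flagged behaviours above into two responder-side checks: matching a file's digests against the report's hashes, and replaying Sysmon-style endpoint events to spot the dropped-EXE execution, the Run key write and the connection to the extracted C2. The event records, the user name, the dropped file name and the Run value name are constructed for illustration; only the hashes, the sample name and the C2 endpoint come from the report.

```python
"""Responder-side checks for the RedLine report above.

Added example, not the sandbox's own code. It (1) matches a file's digests
against the hashes listed in the report and (2) scans Sysmon-style events
for the behaviours the sandbox flagged: a dropped EXE being executed, a Run
key write, and a connection to the extracted C2. The event records are
constructed for this example; only the hashes, the sample name and the C2
endpoint come from the report.
"""
import hashlib
import re

# Indicators taken verbatim from the report.
REPORT_HASHES = {
    "md5": "aeeb8a5443318465235ee20862092762",
    "sha1": "c0fb85a50c87a11203c3429bf626ae596536aaa5",
    "sha256": "81768de38ce302d10041c419691a4181c1a26d7bf2b05c94919b277bd91ffd04",
}
C2_IP, C2_PORT = "83.97.73.126", 19048

# Registry paths that make the "Adds Run key to start application" signature fire.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Digest file contents with the algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(digests: dict) -> list:
    """Return the algorithms whose digest equals the report's value."""
    return [a for a, h in REPORT_HASHES.items() if digests.get(a) == h]


def scan_events(events: list) -> list:
    """Replay Sysmon-style events in order and return (rule, image) findings.

    Event IDs follow Sysmon: 1 = process create, 3 = network connection,
    11 = file create, 13 = registry value set.
    """
    findings = []
    dropped = set()  # .exe paths written by any process seen so far
    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "")
        if eid == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and image.lower() in dropped:
            # "Executes dropped EXE": a binary written earlier is now a process.
            findings.append(("dropped_exe_executed", image))
        elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            # "Adds Run key to start application": logon persistence.
            findings.append(("run_key_persistence", image))
        elif eid == 3 and (ev["DestinationIp"], ev["DestinationPort"]) == (C2_IP, C2_PORT):
            # Traffic to the C2 extracted from the sample's config.
            findings.append(("c2_connection", image))
    return findings


# Constructed telemetry: the user name, dropped-file name and Run value name
# are hypothetical; the first process is the report's sample name.
SAMPLE = r"C:\Users\victim\Downloads\81768de38ce302d10041c419691a4181c1a26d7bf2b05c94919b277bd91ffd04.exe"
DROPPED = r"C:\Users\victim\AppData\Local\Temp\update.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": C2_IP, "DestinationPort": C2_PORT},
    # Benign noise that must not fire (TEST-NET address).
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, image in scan_events(SAMPLE_EVENTS):
        print(f"{rule:24} {image}")
```

The Uninstall-key enumeration signature is deliberately not covered: Sysmon records registry writes, not reads, so that behaviour is visible in the sandbox trace but not in this kind of endpoint telemetry. The hash check is exact; to make use of the SSDEEP value for near-duplicate builds you would need the ssdeep library, which is outside the standard library.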