General

Target: 2b12b7a6becbd1b4b2c8e501929bf6ee3fc693381dc634f5027a3206ee96c66f
Size: 735KB
Sample: 230606-fks32aca98
MD5: fd55c4e68d8224f9a28886c158854140
SHA1: da5287a1d5d02fbb24ed3f9e23235a255faef685
SHA256: 2b12b7a6becbd1b4b2c8e501929bf6ee3fc693381dc634f5027a3206ee96c66f
SHA512: e4387413ba463e05e3c7b9db9561c52144bee55e88234f0ec8330f1fe3b133b3d2444ff1bb4fc447b051c4f6b0a413bbe9de22d0a9a92ac8a6e934f391ea4cb1
SSDEEP: 12288:KMr/y90SKFBNpU6oLJswlr+8gr8x1IqEpmfnvqSlD3E1m/RElxQLJ:pysFBNpU6sJDMrXRoHqN0H
Static task: static1
Behavioral task: behavioral1
  Sample: 2b12b7a6becbd1b4b2c8e501929bf6ee3fc693381dc634f5027a3206ee96c66f.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets

Target: 2b12b7a6becbd1b4b2c8e501929bf6ee3fc693381dc634f5027a3206ee96c66f (the same 735KB file listed under General; MD5, SHA1, SHA256, SHA512 and SSDEEP as above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. The C2 endpoint and auth_value under Malware Config were recovered from this sample's embedded configuration; the C2 address and port are the actionable network indicators from this run.

Signatures
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext (setting another thread's context is the step used by process hollowing and other thread-hijacking injection, so this is a sandbox API-trace signature rather than something visible in file or registry telemetry)
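The three signatures and the extracted C2 endpoint above translate directly into host and network detections. The following is an added example, not part of the sandbox report: it parses Sysmon-style key=value log lines and flags the same three behaviours (an executable written to disk and then executed, a Run key added under CurrentVersion\Run, and a connection to the report's C2 address and port). The log lines are constructed for illustration; only the C2 IP and port come from the report, and the file paths, PIDs and registry SID are invented. SetThreadContext is not covered because Sysmon does not log that API call.

```python
import re

# Network indicators taken from the report's extracted RedLine config.
C2_IP = "83.97.73.126"
C2_PORT = 19048

# Constructed Sysmon-style lines (EventID followed by key=value pairs).
# Illustrative only, not output from this sandbox run; paths and PIDs are
# invented, and values contain no spaces so a simple tokenizer suffices.
SAMPLE_LOG = r"""
EventID=1 ProcessId=4012 ParentProcessId=2200 Image=C:\Users\user\Desktop\sample.exe
EventID=11 ProcessId=4012 Image=C:\Users\user\Desktop\sample.exe TargetFilename=C:\Users\user\AppData\Local\Temp\stage2.exe
EventID=1 ProcessId=4100 ParentProcessId=4012 Image=C:\Users\user\AppData\Local\Temp\stage2.exe
EventID=13 ProcessId=4100 Image=C:\Users\user\AppData\Local\Temp\stage2.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage2 Details=C:\Users\user\AppData\Local\Temp\stage2.exe
EventID=3 ProcessId=4100 Image=C:\Users\user\AppData\Local\Temp\stage2.exe DestinationIp=83.97.73.126 DestinationPort=19048
EventID=3 ProcessId=1300 Image=C:\Windows\explorer.exe DestinationIp=13.107.4.50 DestinationPort=443
"""

TOKEN = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one key=value line into a dict (values may contain backslashes)."""
    return {k: v for k, v in TOKEN.findall(line)}


def parse_log(text):
    """Parse every non-empty line, preserving event order."""
    return [parse_line(ln) for ln in text.strip().splitlines() if ln.strip()]


def find_behaviours(events):
    """Return (behaviour, pid, detail) tuples in the order they are observed.

    executes_dropped_exe: EventID 1 whose Image was earlier written by EventID 11.
    adds_run_key:         EventID 13 targeting ...\CurrentVersion\Run\<name>.
    c2_contact:           EventID 3 to the C2 IP:port from the extracted config.
    """
    findings = []
    dropped = {}  # lower-cased path of a written .exe -> pid that wrote it
    for ev in events:
        eid = ev.get("EventID")
        pid = ev.get("ProcessId")
        if eid == "11":
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped[target.lower()] = pid
        elif eid == "1":
            image = ev.get("Image", "")
            if image.lower() in dropped:
                detail = f"{image} (written by pid {dropped[image.lower()]})"
                findings.append(("executes_dropped_exe", pid, detail))
        elif eid == "13":
            key = ev.get("TargetObject", "")
            if "\\currentversion\\run\\" in key.lower():
                findings.append(("adds_run_key", pid, key))
        elif eid == "3":
            if (ev.get("DestinationIp") == C2_IP
                    and ev.get("DestinationPort") == str(C2_PORT)):
                findings.append(("c2_contact", pid, f"{C2_IP}:{C2_PORT}"))
    return findings


if __name__ == "__main__":
    for behaviour, pid, detail in find_behaviours(parse_log(SAMPLE_LOG)):
        print(f"{behaviour:22} pid={pid} {detail}")
```

The dropped-then-executed correlation is order-sensitive on purpose: an EventID 1 for a path that was never seen in an EventID 11 is not flagged, which keeps normal installers that run pre-existing binaries out of the results. The C2 match compares both address and port, since a match on the IP alone would also fire on unrelated services hosted at that address.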