General
-
Target
bf32e1be7c9330af187215b5d530f2f6348367e004049343666cfe3914873c88
-
Size
736KB
-
Sample
230606-jk2lysdb4v
-
MD5
7793b798792066eabf2f625c6a46abbe
-
SHA1
9136e072e1e35c2c0fa890024a988425dcc09a2c
-
SHA256
bf32e1be7c9330af187215b5d530f2f6348367e004049343666cfe3914873c88
-
SHA512
ea45c3c63a93f3bf8b57b1fea6527fb931be4d4c212b42596fbedb01a4bcf6a81cb86e7ded7ff58831c2bec526aff72633a4fe4fad4b5084e221f532da5138cb
-
SSDEEP
12288:AMrCy90CT7Q7AKdRMoT4PvnVFKoEnxocelQ8h5ndLJlyN2B:yyxAAK3MoSVFdEnxocelQa5ndLQ2B
Static task
static1
Behavioral task
behavioral1
Sample
bf32e1be7c9330af187215b5d530f2f6348367e004049343666cfe3914873c88.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
bf32e1be7c9330af187215b5d530f2f6348367e004049343666cfe3914873c88
-
Size
736KB
-
MD5
7793b798792066eabf2f625c6a46abbe
-
SHA1
9136e072e1e35c2c0fa890024a988425dcc09a2c
-
SHA256
bf32e1be7c9330af187215b5d530f2f6348367e004049343666cfe3914873c88
-
SHA512
ea45c3c63a93f3bf8b57b1fea6527fb931be4d4c212b42596fbedb01a4bcf6a81cb86e7ded7ff58831c2bec526aff72633a4fe4fad4b5084e221f532da5138cb
-
SSDEEP
12288:AMrCy90CT7Q7AKdRMoT4PvnVFKoEnxocelQ8h5ndLJlyN2B:yyxAAK3MoSVFdEnxocelQa5ndLQ2B
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-