General
Target: 2b7af77364d53031bad18f6c713f56575779a5b3cc54f29c2d1ca992df0a2687
Size: 737KB
Sample: 230606-kgnflacg68
MD5: 1d474540a1122e116b1fe4080f2b887f
SHA1: 0505ee0b836c2bf37cca82fd3c7e3a8ec81de1ae
SHA256: 2b7af77364d53031bad18f6c713f56575779a5b3cc54f29c2d1ca992df0a2687
SHA512: 4fde82f4fdf5353363d86be1723ca7d0676d2051e35cd190310dd6cdd1d073cd62cd886585a940b8fb504cebf193dd7313084122c680b5b2bb233d69a1d42d2a
SSDEEP: 12288:JMrYy90QSlnzqq1VamqABWhSka6L5Zw48NTdOIIleSRcyqFDJzBB58BBIRTAPZG2:By3SlnzXLWhba6L5+4yhClRcFBBafZl
Static task: static1
Behavioral task: behavioral1
Sample: 2b7af77364d53031bad18f6c713f56575779a5b3cc54f29c2d1ca992df0a2687.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 2b7af77364d53031bad18f6c713f56575779a5b3cc54f29c2d1ca992df0a2687 (737KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application (persistence: a value under ...\CurrentVersion\Run relaunches the payload at logon)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread hijacking; the report names the call but not the target process)
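The extracted config and the behavioural signatures above are the parts of this report a defender actually reuses. The following Python is an added example, not part of the sandbox report and not RedLine tooling, that maps them onto host telemetry: it takes the C2 endpoint, the sample SHA256 and the Run/Uninstall registry paths behind the signatures, and scans constructed, Sysmon-like event lines for the dropped-EXE execution, the Run key write, the Uninstall key lookups and the C2 connection. The event records, the file names in them and the `kind` field are invented for the example; SetThreadContext is an in-process API call that this kind of telemetry does not record, so it is left out.

```python
import json

# Indicators taken from the report above.
C2_HOST = "83.97.73.126"
C2_PORT = 19048
SAMPLE_SHA256 = "2b7af77364d53031bad18f6c713f56575779a5b3cc54f29c2d1ca992df0a2687"

# Registry paths behind two of the report's signatures (matched case-insensitively).
RUN_KEY = "\\currentversion\\run\\"
UNINSTALL_KEY = "\\currentversion\\uninstall\\"

# Constructed telemetry, one JSON object per line, in chronological order.
# Field names are Sysmon-like (Image, TargetFilename, TargetObject, DestinationIp)
# but every record here is invented for this example. A "registry_query" event is
# included although Sysmon itself does not log registry reads; on a real host that
# signal has to come from object-access auditing or an EDR sensor.
SAMPLE_EVENTS = r"""
{"kind": "process_create", "Image": "C:\\Users\\u\\Desktop\\sample.exe", "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "SHA256=2b7af77364d53031bad18f6c713f56575779a5b3cc54f29c2d1ca992df0a2687"}
{"kind": "file_create", "Image": "C:\\Users\\u\\Desktop\\sample.exe", "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe"}
{"kind": "process_create", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe", "ParentImage": "C:\\Users\\u\\Desktop\\sample.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"kind": "registry_set", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\bgtFf12", "Details": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe"}
{"kind": "registry_query", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"kind": "registry_query", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox"}
{"kind": "net_connect", "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\bgtFf12.exe", "DestinationIp": "83.97.73.126", "DestinationPort": 19048}
{"kind": "registry_set", "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "1"}
{"kind": "net_connect", "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
"""


def match_signatures(lines):
    """Return {signature name: sorted list of offending images}.

    Events must be in chronological order: "Executes dropped EXE" only fires
    for a process whose image was written by an earlier file_create event.
    """
    hits = {}
    dropped = set()          # lower-cased paths of .exe files written during the trace

    def hit(name, image):
        hits.setdefault(name, set()).add(image)

    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        kind, image = ev.get("kind"), ev.get("Image", "")
        if kind == "process_create":
            if "sha256=" + SAMPLE_SHA256 in ev.get("Hashes", "").lower():
                hit("Known sample hash", image)
            if image.lower() in dropped:
                hit("Executes dropped EXE", image)
        elif kind == "file_create":
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped.add(target.lower())
        elif kind == "registry_set":
            if RUN_KEY in ev.get("TargetObject", "").lower():
                hit("Adds Run key to start application", image)
        elif kind == "registry_query":
            if UNINSTALL_KEY in ev.get("TargetObject", "").lower():
                hit("Checks installed software on the system", image)
        elif kind == "net_connect":
            if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
                hit("RedLine C2 contact", image)
    return {name: sorted(images) for name, images in hits.items()}


if __name__ == "__main__":
    print(json.dumps(match_signatures(SAMPLE_EVENTS.splitlines()), indent=2))
```

The C2 match is deliberately exact on IP and port: RedLine operators rotate infrastructure, so the endpoint in this report is only good for as long as that botnet is live, whereas the Run key write, the Uninstall key enumeration and the drop-then-execute chain describe the family's behaviour and keep working after the address changes.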