General
Target: 139ca9693042d296a5fe37457aa0e8968113545705ea9d332b6b94abc8332fbd
Size: 738KB
Sample: 230606-mb23xadf6x
MD5: a842c3030b6492acf30649181f693ae9
SHA1: 21207d067d18b6b506095dd4c40e19877974fe92
SHA256: 139ca9693042d296a5fe37457aa0e8968113545705ea9d332b6b94abc8332fbd
SHA512: 2d5d9f77ad35d8311a51ae101cc93126c279c5c18d87bae98641446544843399cc7a262d65bd007f6fff253ded25ba8cd4d5f5b554049cc63b7180ff57f79a89
SSDEEP: 12288:0Mrly90/CoIST5ws7rZH26GaS4umKAng5Zod475flqrqv2pniQAOATlzr9TPdILq:pyuCoIEZ7SHuKKg5ZoudqrvtkrhPdUkp
Static task: static1
Behavioral task: behavioral1
Sample: 139ca9693042d296a5fe37457aa0e8968113545705ea9d332b6b94abc8332fbd.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 139ca9693042d296a5fe37457aa0e8968113545705ea9d332b6b94abc8332fbd
Size: 738KB
MD5: a842c3030b6492acf30649181f693ae9
SHA1: 21207d067d18b6b506095dd4c40e19877974fe92
SHA256: 139ca9693042d296a5fe37457aa0e8968113545705ea9d332b6b94abc8332fbd
SHA512: 2d5d9f77ad35d8311a51ae101cc93126c279c5c18d87bae98641446544843399cc7a262d65bd007f6fff253ded25ba8cd4d5f5b554049cc63b7180ff57f79a89
SSDEEP: 12288:0Mrly90/CoIST5ws7rZH26GaS4umKAng5Zod475flqrqv2pniQAOATlzr9TPdILq:pyuCoIEZ7SHuKKg5ZoudqrvtkrhPdUkp
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext