General
Target: 09176899.exe
Size: 738KB
Sample: 230606-nv3zzsde28
MD5: 7d6d01b7c3df47a2a39be56193817755
SHA1: 7e9ca287926b479f1f8eae2e3868dbad49536e51
SHA256: fd15974ecf3a2d60fdfd573d4cd2d77022ef0616b627a7288eef94c7457cf61a
SHA512: ec806cf71621ae75927e4199a8be3c366adf311a5d65071101c73881c6a1d990fc72a021fbdb30e9a7984d503245ee29166591fc17c49372cb9c3d12d085e2d0
SSDEEP: 12288:ZMrYy90L8oZeYoRGMwo3D8gvLrYw2Api257LxV8GUBD1jeIOQ4NYjRu+R:pya8ouE03pvLrYVq/eGID16I10+R
Static task: static1
Behavioral task: behavioral1
  Sample: 09176899.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 09176899.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 09176899.exe
Size: 738KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext