General
- Target: 3ebfa871a8b6ab2e3a911b6e652908e069aec940315acbdb0039981fcfdc6ca9
- Size: 735KB
- Sample: 230606-pf5eyaeb2s
- MD5: cab1864e8205635e834abae78c520ce9
- SHA1: f6eeb9793c868cfafa8ae83de108660172d03218
- SHA256: 3ebfa871a8b6ab2e3a911b6e652908e069aec940315acbdb0039981fcfdc6ca9
- SHA512: 76e22375aa6c975bb8796f1b134a1d3d5c0dfb692957fb3ca1ad96188f5c45f7b0132f25ce6fd42b495460fee1234353de6ea8d3ec0f43eb85ffa19133dd5e57
- SSDEEP: 12288:OMr8y90ayogIwKLvrOdAHeeqRsYkgSfM4gs9TfIXWi2IRXyG3vKzreJ:WydmInLvr2e3qSfM0TfyXyG3uC
Static task: static1
Behavioral task: behavioral1
- Sample: 3ebfa871a8b6ab2e3a911b6e652908e069aec940315acbdb0039981fcfdc6ca9.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- maxi
- 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: 3ebfa871a8b6ab2e3a911b6e652908e069aec940315acbdb0039981fcfdc6ca9
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext