General
Target: 4cb603c562454a15062327d3acbca5cbce2587e5a873d2b24c6f1df001ec59d7
Size: 738KB
Sample: 230606-qbmvrsdg46
MD5: a5ebeaaee8aeaadecca6a52c53e2d3a5
SHA1: 6e8d4b1a6d0cb8e6dfc490b76ae666b4048706ff
SHA256: 4cb603c562454a15062327d3acbca5cbce2587e5a873d2b24c6f1df001ec59d7
SHA512: 595fbb516716f4b49abe9f67ed18b9074a58ee937f4ba69a1f79f96f951bd3a1c828db7c20ef2b25f8914e5a645052c3f22897bdac0f7ab3d09fbd6d311554be
SSDEEP: 12288:GMrGy905+c1qD86fqGjSTikvLF/ytKFFdAiQM8/NWXWoYwz4rgQxx6OSsx7o01W/:8ya+cK8hbz6tKLdALzFWXYqY36FE7o4c
Static task: static1
Behavioral task: behavioral1
Sample: 4cb603c562454a15062327d3acbca5cbce2587e5a873d2b24c6f1df001ec59d7.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 4cb603c562454a15062327d3acbca5cbce2587e5a873d2b24c6f1df001ec59d7
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext