General
Target: 3f953b7250b78641f39f43b9679d7c6c967e8cf4802111eaf338544fdda5bc1d
Size: 739KB
Sample: 230606-qpfnlsdg99
MD5: 3684c8be1f7b0e3dbcfdfea2e86bb30b
SHA1: 0cf3c61103cdeb25af3f1a0b1d9b16f7a96c5939
SHA256: 3f953b7250b78641f39f43b9679d7c6c967e8cf4802111eaf338544fdda5bc1d
SHA512: 2e7c56b2bf8accef8b7503d603e6a87c43020b6882dfa31962af7ccfe07071043f4497baf784018924cbc96060e306d070aa13e8c8139393a05641c3d804f0bf
SSDEEP: 12288:aMrsy90O1K4Nec7SqvZw8wnJ2Q2GNuolfps1j0zlyQqDMLdiDs:6yJjNeepfwJ2GU56yrD0diDs
Static task: static1
Behavioral task: behavioral1
Sample: 3f953b7250b78641f39f43b9679d7c6c967e8cf4802111eaf338544fdda5bc1d.exe
Resource (analysis VM image): win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
The C2 endpoint is the network indicator this run yields; the auth_value is a static token in the extracted configuration, useful for clustering builds that share a configuration rather than for network detection.
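The C2 endpoint above is the one indicator a defender can act on immediately. The following is an added example (editor's code, not part of the sandbox report): it matches Zeek-style conn.log records against the 83.97.73.126:19048 endpoint, with an optional looser IP-only mode. The log lines, client addresses and connection UIDs are constructed for illustration and are not from the sandbox run.

```python
"""Match network flows against the C2 from this sample's extracted config.

Added example (editor's code, not part of the sandbox report): the only
indicator used is the 83.97.73.126:19048 endpoint listed under Malware
Config. The conn.log lines below are constructed for illustration and are
not taken from the sandbox run; the client addresses and UIDs are made up.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# (ip, port) pairs from the extracted RedLine config. Validate the IP at load
# time so a typo in an indicator fails loudly instead of silently never matching.
REDLINE_C2 = {("83.97.73.126", 19048)}
for _ip, _port in REDLINE_C2:
    ipaddress.ip_address(_ip)
    assert 0 < _port < 65536


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


# Constructed Zeek conn.log-style records (whitespace separated):
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_LOG = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1686000001.123 CAbc01 10.0.0.5 51234 142.250.74.46 443 tcp
1686000002.456 CAbc02 10.0.0.5 51235 83.97.73.126 19048 tcp
1686000003.789 CAbc03 10.0.0.7 51236 83.97.73.126 80 tcp
1686000004.012 CAbc04 10.0.0.5 51237 83.97.73.126 19048 tcp
"""


def parse_conn_log(text: str) -> list[Flow]:
    """Parse the seven-column subset above; lines starting with '#' are Zeek headers."""
    flows: list[Flow] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, proto = line.split()
        flows.append(Flow(ts, orig_h, resp_h, int(resp_p), proto))
    return flows


def match_c2(flows: list[Flow], indicators=REDLINE_C2, ip_only: bool = False) -> list[Flow]:
    """Return flows whose destination matches an indicator.

    Exact ip:port matching is the low-noise default. ip_only=True also flags
    traffic to the C2 address on any port, which catches an operator rotating
    ports but will also flag unrelated services on a shared host; use it
    deliberately.
    """
    c2_ips = {ip for ip, _ in indicators}
    hits: list[Flow] = []
    for f in flows:
        if (f.dst, f.dport) in indicators or (ip_only and f.dst in c2_ips):
            hits.append(f)
    return hits


if __name__ == "__main__":
    for f in match_c2(parse_conn_log(CONN_LOG)):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport}/{f.proto}  RedLine C2")
```

With the constructed log, exact matching returns the two flows to port 19048 from 10.0.0.5; ip_only=True additionally returns the port-80 flow from 10.0.0.7, which is the trade-off the flag exists to make visible.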
Targets
Target: 3f953b7250b78641f39f43b9679d7c6c967e8cf4802111eaf338544fdda5bc1d (739KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. This matches the family of the configuration extracted above.
Executes dropped EXE: a file written to disk during the run was later launched as a process.
Adds Run key to start application: a value was written under a Software\Microsoft\Windows\CurrentVersion\Run key so the program is relaunched at logon, a common user-level persistence mechanism.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: the API is used legitimately by debuggers, but it is also a standard step in process hollowing, where the main thread of a suspended process is redirected to injected code. The report flags the call as suspicious; on its own it does not establish which injection technique, if any, was used.
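Two of the behavioral signatures above, the dropped-EXE execution and the Run key write, can be re-derived from ordinary endpoint telemetry. The following is an added example (editor's code, not the sandbox's signature engine and not taken from the report): it applies the two rules to Sysmon-style ProcessCreate (ID 1), FileCreate (ID 11) and RegistryEvent value-set (ID 13) records. The events, paths, PIDs and value names are constructed to mirror what the signatures describe and are invented. The other two signatures are not covered here because Sysmon records neither registry reads (the Uninstall key enumeration) nor SetThreadContext calls; those come from the sandbox's API monitoring.

```python
"""Re-derive two of the report's behavioral signatures from Sysmon-style events.

Added example (editor's code, not the sandbox's signature engine or anything
from the report). The events below are constructed to mirror what the
signatures describe: a file dropped and then executed, and a Run value
written. Every path, PID and value name here is invented.
"""
from __future__ import annotations

# Sysmon event IDs used below.
PROCESS_CREATE = 1
FILE_CREATE = 11
REGISTRY_VALUE_SET = 13

# Run-key persistence lives under these subpaths in HKLM and per-user hives
# (compared case-insensitively against the lower-cased target path).
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)

EVENTS = [
    {"id": PROCESS_CREATE, "pid": 4100, "ppid": 900,
     "image": r"C:\Users\u\Desktop\sample.exe"},
    {"id": FILE_CREATE, "pid": 4100,
     "target": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"id": PROCESS_CREATE, "pid": 4212, "ppid": 4100,
     "image": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"id": REGISTRY_VALUE_SET, "pid": 4212,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "details": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    # Benign noise: an installer writing its own Uninstall entry is not persistence.
    {"id": REGISTRY_VALUE_SET, "pid": 500,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName",
     "details": "Foo"},
]


def executes_dropped_exe(events):
    """'Executes dropped EXE': a ProcessCreate whose image was written earlier
    in the same trace by a FileCreate. Returns (writer_pid, new_pid, image)."""
    dropped: dict[str, int] = {}  # lower-cased path -> pid that wrote it
    hits = []
    for ev in events:
        if ev["id"] == FILE_CREATE and ev["target"].lower().endswith(".exe"):
            dropped[ev["target"].lower()] = ev["pid"]
        elif ev["id"] == PROCESS_CREATE and ev["image"].lower() in dropped:
            hits.append((dropped[ev["image"].lower()], ev["pid"], ev["image"]))
    return hits


def adds_run_key(events):
    """'Adds Run key to start application': a value set under Run/RunOnce.
    Returns (pid, key_path, value_data)."""
    return [
        (ev["pid"], ev["target"], ev["details"])
        for ev in events
        if ev["id"] == REGISTRY_VALUE_SET
        and any(m in ev["target"].lower() for m in RUN_KEY_MARKERS)
    ]


if __name__ == "__main__":
    for writer, child, image in executes_dropped_exe(EVENTS):
        print(f"pid {writer} dropped and pid {child} executed {image}")
    for pid, key, data in adds_run_key(EVENTS):
        print(f"pid {pid} set {key} = {data}")
```

The dropped-EXE rule keys on the file path rather than the process tree, so it still fires when the dropper hands execution to a scheduled task or another intermediary; the Run key rule deliberately ignores the Uninstall write, which is the same registry hive but a different signature.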