General

Target: 6a1b06db64db921ffde1e1658e29bf6499fab9ae83be89e287469a383850d3aa
Size: 738KB
Sample: 230606-qxa34aed7v
MD5: a6e092032d6863b2526c26a205477a84
SHA1: b1d8b8cfcc1edda4a3a8dc4ceac46e16297351b4
SHA256: 6a1b06db64db921ffde1e1658e29bf6499fab9ae83be89e287469a383850d3aa
SHA512: a1311c4fa4844ef3cbe9d557b8c9326e39deea1fa087fab203ff894d1d25cc161600be9d7e9d99900e78af3d268cae8ba7eaadca0115050d934dc04bab435eaf
SSDEEP: 12288:nMrjy90xzPTmiEJ+5JK0ClOBaKia+hZ2om0qmM0kQU1y8CahJsDzM7j4NiHnNdX:cy4zPTmh053ClxatOnmD3sE7j4Nif
Static task: static1
Behavioral task: behavioral1
Sample: 6a1b06db64db921ffde1e1658e29bf6499fab9ae83be89e287469a383850d3aa.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext