General
Target: 06874999.exe
Size: 739KB
Sample: 230606-s5z4asfa4v
MD5: 302b0f6d712eba3d1a0b8ebf8dc98aec
SHA1: 6c564fafa65f2ab0b6bd5ea791cac254ab7cf331
SHA256: 65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796
SHA512: 4d1e5352ecf82540e3ee2b065bb3ca32b1bac2d5291eeb94a8d896b89369b86b09f68943fde2ca6ac50aac2d629bfd8b74f5565c790d7834f2e53368fff634c6
SSDEEP: 12288:IMrWy90kbJ6cC+DS6NYfJBBHjUmHzf7J3NPS/qygFBreKIvBCJW5yoQP:eyNJTDSdPbN3NPGqyyBrkIJIyvP
Static task: static1
Behavioral task: behavioral1
  Sample: 06874999.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 06874999.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 06874999.exe
Size: 739KB
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext