General
Target: 08723799.exe
Size: 738KB
Sample: 230606-s67vjafa6w
MD5: ce8e78f602a55a5952ead887f3e632d5
SHA1: 1a12e0a2a4ad9307270c61649f3262b26209e7e4
SHA256: f96e2f36eb80d62032e1266804efadc3d35926cff9dd6fed1461af79cffa236a
SHA512: b903698d11c96ba0a6297332e919d5c14d542cb07554e9b84afbf7e4a58b3d8753a4887d1f8c9d1793d1c0bbab45d5bc66efd7f028e23ed47f501aab211fa945
SSDEEP: 12288:4Mrdy9044PkO6cExehlE0SMrEaploc2SOJOuSxo0PW4xyZf8A5BRyP1/+:lyFncEx0l5Jp2SOM5x1WIyZFB8P1/+

Static task
static1

Behavioral task
behavioral1
Sample: 08723799.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: 08723799.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted
redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a

Targets
Target: 08723799.exe
Size: 738KB
MD5: ce8e78f602a55a5952ead887f3e632d5
SHA1: 1a12e0a2a4ad9307270c61649f3262b26209e7e4
SHA256: f96e2f36eb80d62032e1266804efadc3d35926cff9dd6fed1461af79cffa236a
SHA512: b903698d11c96ba0a6297332e919d5c14d542cb07554e9b84afbf7e4a58b3d8753a4887d1f8c9d1793d1c0bbab45d5bc66efd7f028e23ed47f501aab211fa945
SSDEEP: 12288:4Mrdy9044PkO6cExehlE0SMrEaploc2SOJOuSxo0PW4xyZf8A5BRyP1/+:lyFncEx0l5Jp2SOM5x1WIyZFB8P1/+
Score: 10/10

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext