General
- Target: 08153099.exe
- Size: 737KB
- Sample: 230606-s6rtbafa5x
- MD5: 8cbd362081a1042c0469f35ab503929c
- SHA1: 28ddb29e27f7b59d45a6dc38a4ded65d3c6ac841
- SHA256: bb256ee62b85dc522d2c8694681f789bfb3bbd19160cf544b950b581787ce570
- SHA512: b5e52a436138a01fb8222d7122c52936ab4d1b01e14f95e08eb1dc816d4c422649d17cb43d2fd7143af5b86ba01036db7d13eac6e156b4d9e92dc64655c973c1
- SSDEEP: 12288:HMr+y90uCiCEnr+3C0zPlUHlbxW4fnHuArtGxdWi0Bb4lBXt87ELPf:Jy4ib8qHlbxW42aIbW1BMlBdlf
Static task: static1

Behavioral task: behavioral1
- Sample: 08153099.exe
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 08153099.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: maxi
- C2: 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext