General
- Target: 2c469c8b1906c5fb05de57710cc45bb1aa66dcf8218e78b0a99473150ea4a0b7
- Size: 738KB
- Sample: 230606-tywyqsef22
- MD5: 54b8ad12ef715f8c6e697f9c2dd39a11
- SHA1: 2ab08de002532477bdc5ab009c23ca5a598774ed
- SHA256: 2c469c8b1906c5fb05de57710cc45bb1aa66dcf8218e78b0a99473150ea4a0b7
- SHA512: 0dcdf06202fc2ff783510f6e4e75c08992ad796ae142344a2b72cdf89e955ae9f038faa3e9ce6d05b2c40b341e7da1b178cd66148b4d64b87b92273d9b08c9eb
- SSDEEP: 12288:KMrky90AVtWO6UXsta+FB8BTUOYcskjOwvOcvO/nC40HNOCq9AL+AU:iy/nGtPFOPYcROncvaV0HoCq2KAU
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2c469c8b1906c5fb05de57710cc45bb1aa66dcf8218e78b0a99473150ea4a0b7.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- maxi
- 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: 2c469c8b1906c5fb05de57710cc45bb1aa66dcf8218e78b0a99473150ea4a0b7
- Size: 738KB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext