General
- Target: beaff98cd46f091732b162ebf45f1fb45d3cb9edf118365d6d5791f8278a9fad
- Size: 738KB
- Sample: 230606-xfn2ysff4z
- MD5: 215659adccd58cd153279dcf902c00b5
- SHA1: 4d4bab5816b92f5ded06ffea979526559db0df74
- SHA256: beaff98cd46f091732b162ebf45f1fb45d3cb9edf118365d6d5791f8278a9fad
- SHA512: a4e315f6949763a0ed4f959f1019c3bb020260de69f8799b8d54cac10dc5b401a53ffd1fade65e304f15f0874fda98c9509c165e571be09fd22a0ec2e0d6fd7e
- SSDEEP: 12288:VMr0y90+43kCTezHtgFr0pH4JUauzhSX6NpDhu0EHDkDlKXVbZSAYP6Sb9JYq:xytAejtgYHsWzhI6Nplu0EHDkQrSAMbn
- Static task: static1
- Behavioral task: behavioral1
- Sample: beaff98cd46f091732b162ebf45f1fb45d3cb9edf118365d6d5791f8278a9fad.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
- maxi
- 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: beaff98cd46f091732b162ebf45f1fb45d3cb9edf118365d6d5791f8278a9fad
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext