General
Target: 1bd24665e29331f412419be9eecdf8b1aba02fc7b1fa1b7e73f8077e9fc8eaa2
Size: 737KB
Sample: 230606-xjdemafa76
MD5: f5da7dfde94d80be20e2705923c82bd4
SHA1: c56e0be6ac8443d8b1ef09d7f189400238a174cb
SHA256: 1bd24665e29331f412419be9eecdf8b1aba02fc7b1fa1b7e73f8077e9fc8eaa2
SHA512: 1af5ab1fc81e736360fa36f0a105e09c4745a1d663f7b2a169d6e9211b234d4dba0f462e9e34c7fef0656b6e66b7d90185a683ad0f41b08f9fc99baaa940b1fb
SSDEEP: 12288:EMr1y90kH3RKjcU0hU4OSCuXQzWs9tiPjNIdjnw2J2tbeld5UCANnUHWXqWwq8HR:ZyBH3RLMShA6uiPjNId9aWUpNUHW6LqS
Static task: static1
Behavioral task: behavioral1
Sample: 1bd24665e29331f412419be9eecdf8b1aba02fc7b1fa1b7e73f8077e9fc8eaa2.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 1bd24665e29331f412419be9eecdf8b1aba02fc7b1fa1b7e73f8077e9fc8eaa2
RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
Executes dropped EXE: a file the sample wrote to disk during the run was launched as a new process.
Adds Run key to start application: the sample wrote a value under a Software\Microsoft\Windows\CurrentVersion\Run key so that the program is started again at user logon (persistence).
Checks installed software on the system: the sample read entries under the registry Uninstall key (Software\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view) to enumerate the software installed on the host.
Suspicious use of SetThreadContext: the sample called SetThreadContext on a thread in another process, the usual final step of process hollowing, where the entry point of a suspended process is redirected into injected code.
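The extracted configuration and the behavioural signatures above are the indicators a responder would sweep a fleet for. The following is an added example, not part of the sandbox report: it runs Sysmon-style events through a matcher built from the report's hashes, C2 socket and Run-key persistence. The event layout and every event in SAMPLE_EVENTS are constructed for illustration; only the indicator values are taken from the report. The Uninstall-key enumeration and the SetThreadContext call are API-level behaviour that Sysmon does not record, so they are noted but not scored.

```python
"""Match host telemetry against the indicators in the RedLine sandbox report.

Added example (not part of the original report). Events are Sysmon-style
dicts (EventID 1 = process create, 3 = network connect, 13 = registry value
set); all sample events below are constructed. Only the hashes, the C2
socket and the Run-key path come from the report.
"""
from typing import Dict, Iterable, Optional, Tuple

# Indicators taken from the report: sample hashes and the extracted C2 socket.
SAMPLE_SHA256 = "1bd24665e29331f412419be9eecdf8b1aba02fc7b1fa1b7e73f8077e9fc8eaa2"
SAMPLE_MD5 = "f5da7dfde94d80be20e2705923c82bd4"
C2_SOCKET = ("83.97.73.126", 19048)

# Registry paths behind the report's "Adds Run key" signature (case-folded,
# hive-independent so HKLM and HKU\<SID> both match).
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def parse_hashes(field: str) -> Dict[str, str]:
    """Parse a Sysmon 'Hashes' field ("SHA256=...,MD5=...") into {algo: hex}."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(ev: dict) -> Optional[Tuple[str, str]]:
    """Return (category, description) if the event matches a report indicator."""
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the launched image's hashes
        h = parse_hashes(ev.get("Hashes", ""))
        if h.get("sha256") == SAMPLE_SHA256 or h.get("md5") == SAMPLE_MD5:
            return ("hash", "known sample executed: %s" % ev.get("Image"))
    elif eid == 3:  # network connection: compare the destination socket
        dest = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
        if dest == C2_SOCKET:
            return ("c2", "connection to RedLine C2 %s:%d" % dest)
    elif eid == 13:  # registry value set: Run/RunOnce persistence
        target = ev.get("TargetObject", "").lower()
        if any(k in target for k in RUN_KEYS):
            return ("persistence", "Run key set: %s -> %s"
                    % (ev.get("TargetObject"), ev.get("Details")))
    # The report's Uninstall-key enumeration and SetThreadContext signatures are
    # registry reads and API calls that Sysmon does not log; they need a sandbox
    # or EDR API trace and are deliberately not scored here.
    return None


def triage(events: Iterable[dict]) -> dict:
    """Run every event through match_event and summarise the hits."""
    hits = []
    for idx, ev in enumerate(events):
        m = match_event(ev)
        if m is not None:
            hits.append((idx, m[0], m[1]))
    categories = {cat for _, cat, _ in hits}
    verdict = "RedLine indicators present" if categories else "no match"
    return {"hits": hits, "categories": categories, "verdict": verdict}


# Constructed telemetry: one infected-host sequence plus two benign events.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": "C:\\Users\\victim\\Downloads\\" + SAMPLE_SHA256 + ".exe",
     "Hashes": "MD5=" + SAMPLE_MD5.upper() + ",SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "Hashes": "MD5=00000000000000000000000000000000,SHA256=0000"},
    {"EventID": 13,
     "TargetObject": "HKU\\S-1-5-21-1234567890-1234567890-1234567890-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
     "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"},
    {"EventID": 3, "DestinationIp": "83.97.73.126", "DestinationPort": "19048"},
    {"EventID": 3, "DestinationIp": "13.107.4.50", "DestinationPort": "443"},
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for idx, cat, desc in result["hits"]:
        print("event %d [%s] %s" % (idx, cat, desc))
    print(result["verdict"])
```

The hash match catches only this exact build; the C2 socket and Run-key checks survive a repacked sample, which is why the three are scored as separate categories rather than one boolean.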