General
- Target: fba9a3c5c886564016febbc57daedd45ddf797ec774d82b75c79b77cf3691c41
- Size: 738KB
- Sample: 230606-xm98rsff71
- MD5: 0b4295c6a60852313ad38faad26bb12f
- SHA1: 60ba6ce2208dcee0e4fd823048a8c26f4365ea6b
- SHA256: fba9a3c5c886564016febbc57daedd45ddf797ec774d82b75c79b77cf3691c41
- SHA512: 19119563e006bd2042d5f4628a0ce17c432edb11460c7fe7ff84a32477617dc1eecf873c15266effedb6654311b983bf35f146c3ec5d341e5d4ad1900a775f88
- SSDEEP: 12288:8Mray90zkNRjkE/nrWww7//3TMkXPfuC8Z9znUSrDJoI0nqVoAnp+N:myzrjkE/nre/jLngZl03nqVbngN
Static task: static1
Behavioral task: behavioral1
- Sample: fba9a3c5c886564016febbc57daedd45ddf797ec774d82b75c79b77cf3691c41.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: maxi
- C2: 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext