General
Target
2ec52981ea279df8f74de6852e781bfd87162704e9b85f32e181b3d739cd4a00
Size
723KB
Sample
230606-y21tbaga8x
MD5
2ba1eaa9c928f5f6ab47a56668ba1708
SHA1
afeaad60777b0b8c59a2fb2c5f7fbb400c1ab522
SHA256
2ec52981ea279df8f74de6852e781bfd87162704e9b85f32e181b3d739cd4a00
SHA512
358684c4fc2f5628c8e1b83afc768bc228ddcc80c214f9773c2a2b5a51f3ff9e278aee4d62a957b9e8cf3e96c31accf87bd763df24050095ecedff7bf1332fe4
SSDEEP
12288:9Mrvy904BLkdPw6++hQCAdZmZ3NQkm03IAvWnv35/ski7SXnSIstTjyXV97U6s:KyPBINXhQ5Zq3Gk14JR/sUXnSIst6/7s
Static task
static1
Behavioral task
behavioral1
Sample
2ec52981ea279df8f74de6852e781bfd87162704e9b85f32e181b3d739cd4a00.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext