General
Target: 6be535e0d34b7d84565618e9bb7e17b078d3be45cca077b89f7a739ddb7e7140
Size: 713KB
Sample: 230606-ydrwhafc53
MD5: ae0585ec454433acc27e248239bc32fc
SHA1: ca936f70d810ea9a5e42402aa929ec6ead9044ea
SHA256: 6be535e0d34b7d84565618e9bb7e17b078d3be45cca077b89f7a739ddb7e7140
SHA512: 2dec6739e3614aac97db36b15f1fca606012c94c6c8871fba6a8905f32947edffd7514e21b4abcc356407129107693f62c9d515286f71cce1b3ca1a0ba17fcda
SSDEEP: 12288:BMrZy90oWa2mFqpKNIMeeQIV7GpoY0SHxmmXz/MBzhBadkXYk/:wyC9mF8KNI9eQIpGZdHxzyauXYk/
Static task: static1
Behavioral task: behavioral1
Sample: 6be535e0d34b7d84565618e9bb7e17b078d3be45cca077b89f7a739ddb7e7140.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext