General
Target: 302b0f6d712eba3d1a0b8ebf8dc98aec.bin
Size: 695KB
Sample: 230608-bk6xnsab99
MD5: 2b61636ffdfcc85a18370ccd6a959e3f
SHA1: 1031c5e13868fb4379a9fe2d90db08784a9b7ec4
SHA256: 0c4062869a261fa4fc259ba7e42469d7cf25aad8ffad180aacd66e681a95e4a0
SHA512: 3ced7a58efdfbb98505060a079139b40cf325fbb586440059489253bdd0128f44501ae02db0697098cd6e177ea0f4f5a150f67e9c96f00440ab02136b7e3664f
SSDEEP: 12288:ac6KybTQhrd0C25pnTyWbC90OkOZP4rb70HXsE9lh5nfTHLjGU99BUOu2Kz:aPRbMX0C2vTvCaOkOFamXsE9pnjnBjeV
Static task: static1
Behavioral task: behavioral1
  Sample: 65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796.exe
Size: 739KB
MD5: 302b0f6d712eba3d1a0b8ebf8dc98aec
SHA1: 6c564fafa65f2ab0b6bd5ea791cac254ab7cf331
SHA256: 65141035941017854ad4ac7a2ad9ff6e553da933a2311843f2144366946a2796
SHA512: 4d1e5352ecf82540e3ee2b065bb3ca32b1bac2d5291eeb94a8d896b89369b86b09f68943fde2ca6ac50aac2d629bfd8b74f5565c790d7834f2e53368fff634c6
SSDEEP: 12288:IMrWy90kbJ6cC+DS6NYfJBBHjUmHzf7J3NPS/qygFBreKIvBCJW5yoQP:eyNJTDSdPbN3NPGqyyBrkIJIyvP
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext