General
Target: 06e71066e21b6d9f9e134f1ad4e7ab7d0b80e595a331132712b1a62e7d0aacaf
Size: 752KB
Sample: 230608-gnpepadd3y
MD5: 3919876d077ecb835365ebed346237c0
SHA1: 896c7fe4372418bb1f470a0d696a90c53fe9e702
SHA256: 06e71066e21b6d9f9e134f1ad4e7ab7d0b80e595a331132712b1a62e7d0aacaf
SHA512: a9fbd20d76dade56a2cc420f76d02c217520a3106bc631670e9da297745f2f7eccea2be472e27bd0fc7638192e99ddb650f52eebe33c260879c02aa9243343c3
SSDEEP: 12288:bMrNy901hDBAsUAzVxZCdkV0ExOCT+T8At7qm2680fal41J0NQa+dUOdJGFYjWi:+yuLZUAzoTiOss7k65zaACmcFK
Static task: static1
Behavioral task: behavioral1
Sample: 06e71066e21b6d9f9e134f1ad4e7ab7d0b80e595a331132712b1a62e7d0aacaf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.129:19068
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: 06e71066e21b6d9f9e134f1ad4e7ab7d0b80e595a331132712b1a62e7d0aacaf
Size: 752KB
MD5: 3919876d077ecb835365ebed346237c0
SHA1: 896c7fe4372418bb1f470a0d696a90c53fe9e702
SHA256: 06e71066e21b6d9f9e134f1ad4e7ab7d0b80e595a331132712b1a62e7d0aacaf
SHA512: a9fbd20d76dade56a2cc420f76d02c217520a3106bc631670e9da297745f2f7eccea2be472e27bd0fc7638192e99ddb650f52eebe33c260879c02aa9243343c3
SSDEEP: 12288:bMrNy901hDBAsUAzVxZCdkV0ExOCT+T8At7qm2680fal41J0NQa+dUOdJGFYjWi:+yuLZUAzoTiOss7k65zaACmcFK
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext