General
Target: fotocr45.bin.exe
Size: 1.0MB
Sample: 230711-slqqhshf33
MD5: d7b13b3240c763bbf7b20d4c9ac09ec4
SHA1: f23be3467384eb7139b483170586c83f41bb67c7
SHA256: 1c58b88c090a05964ed672b5e592371fa354b53423fccdce703a0f9b9411ef0e
SHA512: a68a1ae1679d07792913aaa0ca6f1dd160227cb5cec07d2807532bef1485653dfc87b5ff3c99d1290899cf4fb07e0f38ca9ec4b6c6a6dfbdc42f85fa328b8083
SSDEEP: 24576:9yiYPLNkWXx1qddxxTksOp1yWbCO9ljbxLSJ2lpR:YiMNkEx1qbxxTkzcOb1S6p
Static task: static1
Behavioral task: behavioral1
  Sample: fotocr45.bin.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: fotocr45.bin.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: redline
Botnet: diza
C2: 185.161.248.37:4138
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
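The hashes in the General section and the extracted C2 endpoint above are the two things an analyst actually reuses from a report like this: the hashes to confirm that the file on disk is the same sample before spending time on it, the C2 host:port to hunt for check-ins in network telemetry. The block below, an added example that is not code from the sandbox report or its vendor, does both. The hash values, C2 host, port and auth_value are copied from the report; the Zeek conn.log-style records at the bottom are constructed for the example, as is the assumption that connection records arrive tab-separated in the field order shown.

```python
"""Checks built from this report's file hashes and extracted RedLine config.
Added example, not sandbox code. Constants are copied from the report; the
conn.log records at the bottom are constructed, not from the sandbox run."""
import hashlib
from typing import Dict, Iterable, List, Optional, Tuple

# Copied from the report's General and Malware Config sections.
REPORT_HASHES: Dict[str, str] = {
    "md5": "d7b13b3240c763bbf7b20d4c9ac09ec4",
    "sha1": "f23be3467384eb7139b483170586c83f41bb67c7",
    "sha256": "1c58b88c090a05964ed672b5e592371fa354b53423fccdce703a0f9b9411ef0e",
    "sha512": "a68a1ae1679d07792913aaa0ca6f1dd160227cb5cec07d2807532bef1485653dfc87b5ff3c99d1290899cf4fb07e0f38ca9ec4b6c6a6dfbdc42f85fa328b8083",
}
C2_HOST = "185.161.248.37"
C2_PORT = 4138
AUTH_VALUE = "0d09b419c8bc967f91c68be4a17e92ee"  # per-build identifier from the extracted config


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    """Same digests for a file on disk, computed in a single streaming pass."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Names of algorithms whose digest differs. An empty list means the file
    is the sample this report describes; compare all four, a single MD5 or
    SHA1 match is not proof of identity."""
    return sorted(n for n, want in expected.items() if actual.get(n) != want.lower())


def verify_sample(path: str, expected: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Return the mismatching algorithms for the file at `path`."""
    return mismatches(hash_file(path), expected)


def find_c2_connections(lines: Iterable[str], host: str = C2_HOST,
                        port: Optional[int] = C2_PORT) -> List[Tuple[str, str]]:
    """Scan Zeek conn.log-style records (assumed tab-separated in the order
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) and return
    (ts, orig_h) for each connection to the C2. With port=None any traffic to
    the host counts, which is noisier because C2 addresses get reused."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # blank line or Zeek header line
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        if resp_h == host and (port is None or resp_p == str(port)):
            hits.append((ts, orig_h))
    return hits


# Constructed conn.log excerpt (not from the sandbox run): a benign HTTPS flow,
# a flow to the extracted C2 endpoint, and a flow to another port on the same host.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1689071001.123\tCx1\t10.0.0.15\t50231\t142.250.74.46\t443\ttcp",
    "1689071005.456\tCx2\t10.0.0.15\t50232\t185.161.248.37\t4138\ttcp",
    "1689071009.789\tCx3\t10.0.0.22\t50233\t185.161.248.37\t80\ttcp",
]

if __name__ == "__main__":
    print("C2 check-ins:", find_c2_connections(SAMPLE_CONN_LOG))
    print("host-only matches:", find_c2_connections(SAMPLE_CONN_LOG, port=None))
```

Run `verify_sample("fotocr45.bin.exe")` on the downloaded file before analysis; anything other than an empty list means you do not have the sample this report describes. The port-scoped match is the one to alert on; the host-only match is a hunting query, since the same address can host unrelated services.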
Targets
Target: fotocr45.bin.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
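Two of the behaviours listed above, "Executes dropped EXE" and "Adds Run key to start application", are the ones worth turning into endpoint detections, because the same pattern (parent drops a child into a user-writable directory, runs it, and registers it under a Run key) recurs across RedLine builds regardless of C2 address. The block below is an added example, not code from the sandbox or its vendor; it evaluates that pattern over Sysmon-style events. Field names follow Sysmon Event ID 1 (process create) and Event ID 13 (registry value set). The event records, file names and paths are constructed for the example and were not observed in this run, and the set of "user-writable" directories is an assumption to tune for your estate.

```python
"""Detection logic for the "Executes dropped EXE" and "Adds Run key" behaviours
this report flags, evaluated over Sysmon-style events. Added example, not
sandbox code; the events and paths below are constructed, not observed."""
import re
from typing import Dict, List, Optional

# Autostart keys under both HKLM and per-user HKU\<SID> hives.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to (assumed list; extend as needed).
# A Run value or a fresh child process pointing here is the interesting case.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)


def first_path(details: str) -> str:
    """Extract the executable path from Run value data, which may be quoted and
    may carry arguments. Assumption: the path is quoted or contains no spaces."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', details)
    return (m.group(1) or m.group(2)) if m else ""


def is_user_writable(path: str) -> bool:
    return bool(USER_WRITABLE_RE.search(path))


def check_run_key(ev: Dict) -> Optional[str]:
    """Sysmon EID 13: a Run/RunOnce value whose data points into a user-writable
    directory. Entries under Program Files or Windows are left alone."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    path = first_path(ev.get("Details", ""))
    if not is_user_writable(path):
        return None
    return f"Run key persistence: {ev['TargetObject']} -> {path} (set by {ev.get('Image')})"


def check_dropped_exe(ev: Dict, sample_image: str) -> Optional[str]:
    """Sysmon EID 1: the sample spawns a child whose image lives in a
    user-writable directory, i.e. something it wrote itself."""
    if ev.get("EventID") != 1:
        return None
    if ev.get("ParentImage", "").lower() != sample_image.lower():
        return None
    if not is_user_writable(ev.get("Image", "")):
        return None
    return f"Dropped EXE executed: {ev['Image']} spawned by {sample_image}"


def analyze(events: List[Dict], sample_image: str) -> List[str]:
    """Run both checks over an event stream and return the findings."""
    findings: List[str] = []
    for ev in events:
        for finding in (check_run_key(ev), check_dropped_exe(ev, sample_image)):
            if finding:
                findings.append(finding)
    return findings


# Constructed events (not from the sandbox run): a dropped child under Temp,
# a benign conhost child, a Run value pointing into AppData, and a vendor
# updater registered from Program Files that should not fire.
SAMPLE_IMAGE = r"C:\Users\analyst\Desktop\fotocr45.bin.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\analyst\AppData\Local\Temp\stage2.exe",
     "ParentImage": SAMPLE_IMAGE},
    {"EventID": 1, "Image": r"C:\Windows\System32\conhost.exe",
     "ParentImage": SAMPLE_IMAGE},
    {"EventID": 13, "Image": r"C:\Users\analyst\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": r'"C:\Users\analyst\AppData\Roaming\stage2\stage2.exe"'},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r'"C:\Program Files\Vendor\updater.exe" /background'},
]

if __name__ == "__main__":
    for line in analyze(SAMPLE_EVENTS, SAMPLE_IMAGE):
        print(line)
```

The process-create check is keyed on the sample's image path, so it only tells you what this sample did; the Run key check is sample-independent and is the one to keep as a standing rule, with the user-writable directory list tuned so that legitimate per-user installers do not flood it.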