General
Target: a58ab00caff9fdeb46441b5cfd71b1d9.bin
Size: 1.0MB
Sample: 230411-bsyahahg43
MD5: e372539e71742e9743f41859c0fa9a00
SHA1: 29902abd66f44b6da3f228b007edb77d8a1ea10e
SHA256: a5347175219addd92521491deb0f0ffd3221ab9626dab1d6c8cc707bc0822898
SHA512: 93f87b25a3452502d8f95e9983226ccc8354046a253bfc041935c5efd2076fbd5c6f49410e1eb804b59a0d911b11db05b8dc2564b22152eb61326c2e1538459b
SSDEEP: 24576:ukAG19J54jvU/Bt/K+YzGvR6HmhE1DWjTdYLP+/2vAEzD+NH:u3KJm4/XXygh+DwTdYjAq+NH
Static task: static1

Behavioral task: behavioral1
Sample: e76fdd7562616c27d27357bdb911668d157068e1cbaae1232214228e353ed2a2.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: e76fdd7562616c27d27357bdb911668d157068e1cbaae1232214228e353ed2a2.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759

Extracted: redline
Botnet: lenox
C2: 77.91.124.145:4125
auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Targets

Target: e76fdd7562616c27d27357bdb911668d157068e1cbaae1232214228e353ed2a2.exe
Size: 1.1MB
MD5: a58ab00caff9fdeb46441b5cfd71b1d9
SHA1: 6d1445051fc98b4e97cb2a2bb8b51c811db2b07c
SHA256: e76fdd7562616c27d27357bdb911668d157068e1cbaae1232214228e353ed2a2
SHA512: 4672209fc162e67f37c26e019aa9d1e5a9bbe5bbcf3bdef2930c5b427ad859efb897f7086cadf247da90b3165971801638c78cebfeefffd6a568944580fa866f
SSDEEP: 24576:Ny5B68euD9k8sTNnBZA8fkPg9KZO7Rjo/9yJ+q:o5B68euD5wng8fe4KlC

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application