General
Target: b1f2fc5a81e68ab6a95ca05ec0ccd63a.bin
Size: 1.0MB
Sample: 230411-btawlahg44
MD5: 1eda7d0da4cfe9de0c5efdded08aaab5
SHA1: 08fb25615c6ee7df47e9c3c2321225649fda23d4
SHA256: 31c01bd6bcf0b363e292968a5a76250d69bd253d58e80974d5ac0cdbd24e01d7
SHA512: 4044c3dbb32fff272a4d0cba95cc321323f02dd78e09546e31df27403e6b8068db194f53a492b0d7e3aab73bfa13e9276b558e84a14e2ac1f4a7104b7beb4829
SSDEEP: 24576:HiH+N7QKqQ5byTEU+osm2zWNdLREqGVwId8SQOi:HrN7QKqk2EU+o3vFWVwId8SNi
Static task: static1
Behavioral task: behavioral1
Sample: 524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted
Family: redline
Botnet: lenox
C2: 77.91.124.145:4125
auth_value: a5c9c17a250a084c5fd706c1df7c2d4e
Targets
Target: 524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824.exe
Size: 1.1MB
MD5: b1f2fc5a81e68ab6a95ca05ec0ccd63a
SHA1: 4f8ac877f4311dea63e77338a03f0c6bd78e58a3
SHA256: 524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824
SHA512: 941ea6d8daf590b1cd0653b4743c2a62a66750cafdfd7381cab8a3d2cd984e222bb2f1614bdbbd9bc3574b5bed19c4e8449b3b997fc0c57c0a852670406d7baa
SSDEEP: 24576:0yg091YssYKPdNny2kMxvIdz0qbZX2zZIwEF8bYb9V3S:Dr1YsbKrnrkMxAd/mzZQF8sJB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
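As an added example (not part of the sandbox report or its tooling), the script below turns the key/value lines of this report into structured records: the two extracted RedLine configs (family, botnet id, C2 host:port, auth_value) and the listed files with their hashes. It then flattens them into an IOC set and checks a byte string against the listed hashes, which is how a responder confirms that a file on disk is the sample the report describes. REPORT is a trimmed copy of the values on this page in the raw two-line form (SHA1, SHA512 and SSDEEP omitted); the parser also accepts the one-line "Key: value" form. The Family/Botnet/C2 labels, the 65535 port bound and the constructed test bytes are assumptions of the example.

```python
"""Parse the sandbox report above into structured IOCs (added example, not
sandbox tooling). REPORT is a trimmed copy of this page's values in the raw
two-line form; parse_report() also accepts 'Key: value' lines and skips '-'."""
import hashlib
import re

REPORT = """\
General
Target
b1f2fc5a81e68ab6a95ca05ec0ccd63a.bin
MD5
1eda7d0da4cfe9de0c5efdded08aaab5
SHA256
31c01bd6bcf0b363e292968a5a76250d69bd253d58e80974d5ac0cdbd24e01d7
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
redline
lenox
77.91.124.145:4125
auth_value
a5c9c17a250a084c5fd706c1df7c2d4e
Targets
Target
524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824.exe
MD5
b1f2fc5a81e68ab6a95ca05ec0ccd63a
SHA256
524d7e16c4c30a4fdfce69072dac315987012644c0729903f58bb59eb2869824
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = {"Family", "Botnet", "C2"}  # labels of the one-line form (assumed names)
KEYS = {"Extracted", "Target", "auth_value", *LABELS, *HASH_LEN}
HEX_RE = re.compile(r"[0-9a-f]+")
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")

def _tokens(text):
    """Flatten to a key/value token stream; a 'Key: value' line becomes two tokens."""
    toks = []
    for ln in (ln.strip() for ln in text.splitlines()):
        if not ln or ln == "-":  # empty lines and bullet residue carry nothing
            continue
        head, sep, tail = ln.partition(": ")
        toks += [head, tail] if sep and head in KEYS else [ln]
    return toks

def parse_report(text):
    """Walk the token stream; returns (extracted configs, file records)."""
    toks, configs, files, i = _tokens(text), [], [], 0
    while i < len(toks):
        key, nxt = toks[i], (toks[i + 1] if i + 1 < len(toks) else "")
        if key == "Extracted":
            # family, botnet, c2 run up to the next auth_value/record; drop form labels
            j = i + 1
            while j < len(toks) and toks[j] not in ("auth_value", "Extracted", "Target"):
                j += 1
            vals = [t for t in toks[i + 1:j] if t not in LABELS]
            m = C2_RE.match(vals[2]) if len(vals) == 3 else None
            if not m or int(m.group(2)) > 65535:
                raise ValueError(f"bad extracted config: {vals!r}")
            configs.append({"family": vals[0], "botnet": vals[1], "host": m.group(1),
                            "port": int(m.group(2)), "auth_value": ""})
            i = j
        elif key == "auth_value":
            if not configs or len(nxt) != 32 or not HEX_RE.fullmatch(nxt):
                raise ValueError(f"bad auth_value: {nxt!r}")
            configs[-1]["auth_value"] = nxt
            i += 2
        elif key == "Target":
            files.append({"name": nxt, "hashes": {}})
            i += 2
        elif key in HASH_LEN:
            val = nxt.lower()
            if not files or len(val) != HASH_LEN[key] or not HEX_RE.fullmatch(val):
                raise ValueError(f"bad {key}: {nxt!r}")
            files[-1]["hashes"][key.lower()] = val
            i += 2
        else:
            i += 1  # section heading or a key this example does not use
    return configs, files

def hexdigests(data: bytes) -> dict:
    algs = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256, "sha512": hashlib.sha512}
    return {name: fn(data).hexdigest() for name, fn in algs.items()}

def matching_records(data: bytes, files):
    """Names of records whose every listed hash agrees with data (empty if none)."""
    d = hexdigests(data)
    return [f["name"] for f in files if f["hashes"] and all(d[a] == v for a, v in f["hashes"].items())]

def iocs(configs, files):
    """Flat indicator set: C2 sockets plus the SHA256 of every listed file."""
    out = {f"{c['host']}:{c['port']}" for c in configs}
    return out | {f["hashes"]["sha256"] for f in files if "sha256" in f["hashes"]}
```

Both extracted configs share one C2 socket, so the IOC set holds one `host:port` entry and two SHA256 values; note also that the `.bin` in the General section is named after the `.exe`'s MD5 while carrying different hashes of its own, which the parser keeps as two separate records.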