General
Target: tmp
Size: 852KB
Sample: 230416-enj4vsgh52
MD5: 9242073efee74a0b32156d931e70d902
SHA1: 19bba236a058e4083fcfc3771b75ca73e1b4522c
SHA256: ff19ac956ccbf295cf9364d8cca046c7bd4c01758ae584e518d232f7d79cbf2c
SHA512: e08f0778e968ad2b0f29a9ff9a5ca0ebc0f91b7bc5bc3f2cbcb18da01e1522c5e26591fb71869593ea634f51e9dcd05b78f53a1a61ef51f8fb91d2865f85e3b0
SSDEEP: 24576:syFs53JHim2gszlC/iftA2238wJON1Au2:bFs59im2zz2iftTS8v1
Static task: static1

Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20230221-en
Malware Config

Extracted: redline
lada
185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted: redline
diza
185.161.248.90:4125
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets

Target: tmp
Size: 852KB
MD5: 9242073efee74a0b32156d931e70d902
SHA1: 19bba236a058e4083fcfc3771b75ca73e1b4522c
SHA256: ff19ac956ccbf295cf9364d8cca046c7bd4c01758ae584e518d232f7d79cbf2c
SHA512: e08f0778e968ad2b0f29a9ff9a5ca0ebc0f91b7bc5bc3f2cbcb18da01e1522c5e26591fb71869593ea634f51e9dcd05b78f53a1a61ef51f8fb91d2865f85e3b0
SSDEEP: 24576:syFs53JHim2gszlC/iftA2238wJON1Au2:bFs59im2zz2iftTS8v1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application