General
-
Target
tmp
-
Size
13.5MB
-
Sample
230421-xwxn2abd3w
-
MD5
9f390e9ca00464a6f7e1ce321baceb22
-
SHA1
d5d813e0bad5c64cd95b23919eba1432778b7965
-
SHA256
255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7
-
SHA512
54b958487f40537c80374acb37d0cec27bb169fc5549768fb05a161de1a10546cea7c6be1d59df5fb615ed8285f0bf03f33203a1ec0a28fcc6694497e6a6ee2f
-
SSDEEP
393216:M1xsX4B8eD3F+oI9KtC9I5cfZLxsaZf4nT70mrsMYd:M1GI9FQmOfZLSP0Qc
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
5350206221
195.20.17.139:80
-
auth_value
cf75908d75b4508135a38c8679c86f6e
Targets
-
-
Target
tmp
-
Size
13.5MB
-
MD5
9f390e9ca00464a6f7e1ce321baceb22
-
SHA1
d5d813e0bad5c64cd95b23919eba1432778b7965
-
SHA256
255cb2aeeac6f7dd8359b29b0fbbb02122683894e061b6b305684e396fef85a7
-
SHA512
54b958487f40537c80374acb37d0cec27bb169fc5549768fb05a161de1a10546cea7c6be1d59df5fb615ed8285f0bf03f33203a1ec0a28fcc6694497e6a6ee2f
-
SSDEEP
393216:M1xsX4B8eD3F+oI9KtC9I5cfZLxsaZf4nT70mrsMYd:M1GI9FQmOfZLSP0Qc
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-