General
Target: 5f2e4c64c56ecf2d08d5fb68cb49bbb832e25c93b107f8e57327d603aaf2b6ef
Size: 1.5MB
Sample: 230507-c2wcyaee99
MD5: ea5ed9654b4ce23a5948aa86766eeda1
SHA1: c2c60c90dca3ff084a4d9f796708c7003f397814
SHA256: 5f2e4c64c56ecf2d08d5fb68cb49bbb832e25c93b107f8e57327d603aaf2b6ef
SHA512: 07adb3c1ce5bc2d691a67eb1c58f13831a1351abe482e31e6106096a0cc57995459fde3dbb02a7f03e898baec5d9bccb3b253f453edcd25ba4d4d0c40b28121d
SSDEEP: 24576:LyAdAU7rbU4vA5U9k4JYlmlQtPn+KQ7fzC4zOc9UArjwX4HMN8heZQ29rSs3kH+o:+iAU7E1+5YoatPOfzC4zDuA3weM+heZv
Static task: static1
Behavioral task: behavioral1
Sample: 5f2e4c64c56ecf2d08d5fb68cb49bbb832e25c93b107f8e57327d603aaf2b6ef.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 5f2e4c64c56ecf2d08d5fb68cb49bbb832e25c93b107f8e57327d603aaf2b6ef.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline gena 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Extracted: redline most 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: 5f2e4c64c56ecf2d08d5fb68cb49bbb832e25c93b107f8e57327d603aaf2b6ef
Size: 1.5MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application