General
Target: 5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f.bin
Size: 1.7MB
Sample: 230507-cyv8rsec34
MD5: ee55cfd333823bfeacb90ceaf8539182
SHA1: 16fd03cab27e2a955e2265a56a064fecd4fa46c2
SHA256: 5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f
SHA512: b425000a836a241b1a2d42d06af01904c0b8eaa5273e0af903abeb3ac026bf1fffc010ad3b3030803c88a31759eb1e642a4ee62da18e1dd758227286937e3fd9
SSDEEP: 49152:26IDkBzrFT4d+jztAMB+u1Fz5Ae+yI9HdygwLdBbOqOVMi:Qap4dktAK+uHNh7IJ0dLXdUMi
Static task: static1
Behavioral task: behavioral1 (sample 5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f.exe, resource win10v2004-20230221-en)
Malware Config
Extracted: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07

Extracted: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008

Both extracted configurations point at the same C2 endpoint and differ only in botnet label and auth_value, so the IP:port pair is the indicator to pivot on; the auth_value tells the two builds apart.
Targets
Target: 5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f.bin (size and hashes as listed under General above)
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence to avoid running in certain countries.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application: writes a value under a CurrentVersion\Run key so the payload is relaunched at user logon (persistence).
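The indicators above can be turned directly into a host-log check. The following Python is an added example and not part of the sandbox report: it copies the sample hashes and the C2 endpoint from the report and runs them over a few constructed Sysmon-style lines (the key=value log format, the file paths and the benign entries are assumptions made for the demo, not captured data). It flags the exact ip:port from the extracted config as a C2 hit, a connection to the same IP on a different port as a lower-confidence hit, a value written under a CurrentVersion\Run key (the persistence signature above), and a process whose hashes match the sample.

```python
"""Match the report's IOCs against constructed Sysmon-style log lines.

Added example, not part of the sandbox report. The hashes and C2 endpoint are
copied from the report; the log format and log contents below are constructed.
"""
import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "ee55cfd333823bfeacb90ceaf8539182",
    "sha1": "16fd03cab27e2a955e2265a56a064fecd4fa46c2",
    "sha256": "5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f",
}
C2_ENDPOINTS = {("185.161.248.73", 4164)}  # shared by both extracted configs
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Persistence: any value written under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# key=value tokens; quoted values may contain spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Hit:
    line_no: int
    rule: str
    detail: str


def parse_fields(line: str) -> dict:
    """Split a key=value line into a dict (assumed log format, not a real product's)."""
    out = {}
    for m in FIELD_RE.finditer(line):
        out[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return out


def parse_hashes(field: str) -> dict:
    """'MD5=..,SHA256=..' -> {'md5': '..', 'sha256': '..'}, lower-cased."""
    out = {}
    for pair in field.split(","):
        if "=" in pair:
            algo, value = pair.split("=", 1)
            out[algo.lower()] = value.lower()
    return out


def check_line(line_no: int, fields: dict) -> list:
    hits = []
    event = fields.get("event")
    image = fields.get("image", "")
    if event == "3":  # network connection
        ip = fields.get("dst_ip", "")
        port = int(fields.get("dst_port") or 0)
        if (ip, port) in C2_ENDPOINTS:
            hits.append(Hit(line_no, "redline_c2", f"{ip}:{port} by {image}"))
        elif ip in C2_IPS:
            # Same host, other port: worth a look but not the configured C2 channel.
            hits.append(Hit(line_no, "redline_c2_ip_other_port", f"{ip}:{port} by {image}"))
    elif event == "13":  # registry value set
        target = fields.get("target", "")
        if RUN_KEY_RE.search(target):
            hits.append(Hit(line_no, "run_key_persistence", f"{target} -> {fields.get('details')}"))
    elif event == "1":  # process create, carries the image hashes
        seen = parse_hashes(fields.get("hashes", ""))
        for algo, value in SAMPLE_HASHES.items():
            if seen.get(algo) == value:
                hits.append(Hit(line_no, f"sample_{algo}", image))
                break
    return hits


def scan(lines) -> list:
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend(check_line(n, parse_fields(line)))
    return hits


# Constructed log lines for the demo (paths and the benign entries are made up).
SAMPLE_LOGS = [
    'event=3 image="C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe" dst_ip=185.161.248.73 dst_port=4164 proto=tcp',
    'event=3 image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" dst_ip=185.161.248.73 dst_port=443 proto=tcp',
    'event=13 image="C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe" '
    'target="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update" '
    'details="C:\\Users\\victim\\AppData\\Roaming\\update.exe"',
    'event=1 image="C:\\Users\\victim\\Downloads\\setup.exe" '
    'hashes=MD5=ee55cfd333823bfeacb90ceaf8539182,SHA256=5d245b87e70ea1d92361d0b55ac8c4d6bfa9ed0e9445df603649309c62aadb3f',
    'event=1 image="C:\\Windows\\System32\\notepad.exe" hashes=MD5=00000000000000000000000000000000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.rule}: {hit.detail}")
```

The hash check is an exact match on the one build analysed here, so it will miss repacked copies; the C2 endpoint and the Run-key behaviour carry across builds and are the more durable of the three checks. The SSDEEP digest and the two auth_value strings are deliberately not matched: neither appears in ordinary host logs.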