General
- Target: 5d7373687456085c92e955acfcf4a5d350cb5f503b13c7eef2416b9b92248c80
- Size: 478KB
- Sample: 230508-t8v47abf79
- MD5: 23d9a020dfa2a8655e67f7e854616448
- SHA1: 4980793e907a4e8db9d067a5b1d285f9a75bf7dd
- SHA256: 5d7373687456085c92e955acfcf4a5d350cb5f503b13c7eef2416b9b92248c80
- SHA512: 374dbe8bb7e7c8c3b3178c242c0f57e54a9866cfd4e68df8d462f060a9b0f7f3120e68b39b50d6cc9020a8ff77d18c03eac7f692403e301dfd3b40de9c1ecf58
- SSDEEP: 12288:1MrZy90tTpFFtGIP5c1u31YTjrepC85q1CvjnA5C:oyUpjbXaTfYm8Ak
Static task: static1
Behavioral task: behavioral1
- Sample: 5d7373687456085c92e955acfcf4a5d350cb5f503b13c7eef2416b9b92248c80.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- maher
- 217.196.96.101:4132
- auth_value: c57763165f68aabcf4874e661a1ffbac
Targets
- Target: 5d7373687456085c92e955acfcf4a5d350cb5f503b13c7eef2416b9b92248c80
- Size: 478KB
- MD5: 23d9a020dfa2a8655e67f7e854616448
- SHA1: 4980793e907a4e8db9d067a5b1d285f9a75bf7dd
- SHA256: 5d7373687456085c92e955acfcf4a5d350cb5f503b13c7eef2416b9b92248c80
- SHA512: 374dbe8bb7e7c8c3b3178c242c0f57e54a9866cfd4e68df8d462f060a9b0f7f3120e68b39b50d6cc9020a8ff77d18c03eac7f692403e301dfd3b40de9c1ecf58
- SSDEEP: 12288:1MrZy90tTpFFtGIP5c1u31YTjrepC85q1CvjnA5C:oyUpjbXaTfYm8Ak
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.