General
Target: fb74d6f918c6fa811b685c62d46c82f9e65ef5c3644b25b5a4e1216de7db0950
Size: 1.1MB
Sample: 230514-t7d5aaeg5x
MD5: e7d2d12785d8e6615185e7781553de44
SHA1: c59229ece05fbf9a5d78097abb370729ac8203d1
SHA256: fb74d6f918c6fa811b685c62d46c82f9e65ef5c3644b25b5a4e1216de7db0950
SHA512: 1782bdf5f18fe09199676777645a5fc42b3f6d7ba561d6aac1e7f97dff41c20186cf5af7c601793d8521c4c8f396bb17f9855440ae7c0106cc3ab8fadf454ba7
SSDEEP: 24576:fydjVfPxQtaD6cLvLG1/aLHTa9aPhhwM/XjZ4:qlVfPWGFLvLS/kpzB/X1
Static task: static1
Behavioral task: behavioral1
Sample: fb74d6f918c6fa811b685c62d46c82f9e65ef5c3644b25b5a4e1216de7db0950.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
Family: redline
Botnet: larry
C2: 185.161.248.75:4132
auth_value: 9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
Family: redline
Botnet: warum
C2: 185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Extracted
Family: redline
C2: 37.220.87.13:48790
auth_value: 99262e812dcb95475f78d93e77141920
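The three RedLine configs above give two C2 endpoints (185.161.248.75:4132 serves both the "larry" and "warum" botnet IDs; the third config has no botnet name and points at 37.220.87.13:48790). The following is an added example, not part of the sandbox report: it parses the config block in the one-field-per-line form the sandbox emits (copied from this page), turns it into a set of host:port indicators, and runs those over connection-log lines. The log lines, the internal addresses and the log format are constructed for the example; 203.0.113.10 is a documentation address standing in for benign traffic.

```python
"""RedLine C2 indicators from the report's extracted configs, matched
against connection logs.  Added example, not part of the sandbox report:
the config text is copied from this page; the log lines are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# The three configs exactly as the sandbox lists them (one field per line,
# botnet name optional).  Copied from the report above.
EXTRACTED_CONFIGS = """
Extracted
redline
larry
185.161.248.75:4132
auth_value
9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
redline
warum
185.161.248.75:4132
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Extracted
redline
37.220.87.13:48790
auth_value
99262e812dcb95475f78d93e77141920
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")
# Constructed firewall-log shape: "<ts> src=<ip:port> dst=<ip:port> ..."
CONN_RE = re.compile(r"^(\S+) src=(\S+) dst=((\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5}))\b")


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: Optional[str]   # absent in the third config on this page
    host: str
    port: int
    auth_value: str


def parse_configs(text: str) -> List[RedLineConfig]:
    """Parse 'Extracted' blocks; '-' separator lines and blanks are skipped."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    configs: List[RedLineConfig] = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        family, j, botnet = lines[i + 1], i + 2, None
        m = C2_RE.match(lines[j])
        if m is None:               # a botnet name precedes the C2 line
            botnet, j = lines[j], j + 1
            m = C2_RE.match(lines[j])
        if m is None:
            raise ValueError(f"expected host:port, got {lines[j]!r}")
        if lines[j + 1] != "auth_value" or not HEX32_RE.match(lines[j + 2]):
            raise ValueError("malformed auth_value block")
        configs.append(RedLineConfig(family, botnet, m.group(1), int(m.group(2)), lines[j + 2]))
        i = j + 3
    return configs


def c2_endpoints(configs: List[RedLineConfig]) -> Set[Tuple[str, int]]:
    """Distinct host:port pairs; two configs may share one C2 (as larry/warum do here)."""
    return {(c.host, c.port) for c in configs}


def match_connections(log_lines: List[str], endpoints: Set[Tuple[str, int]]) -> List[Dict[str, str]]:
    """Exact host:port matches are 'endpoint'; the same host on another port is
    'host_only' (still worth a look, since one C2 box often serves several ports)."""
    hosts = {h for h, _ in endpoints}
    hits: List[Dict[str, str]] = []
    for line in log_lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        ts, src, dst, host, port = m.group(1), m.group(2), m.group(3), m.group(4), int(m.group(5))
        if (host, port) in endpoints:
            hits.append({"ts": ts, "src": src, "dst": dst, "match": "endpoint"})
        elif host in hosts:
            hits.append({"ts": ts, "src": src, "dst": dst, "match": "host_only"})
    return hits


# Constructed log lines (not from the sandbox run); 203.0.113.10 is a documentation address.
SAMPLE_CONNLOG = [
    "2023-05-14T10:02:11Z src=10.0.0.23:51231 dst=185.161.248.75:4132 proto=tcp action=allow",
    "2023-05-14T10:02:12Z src=10.0.0.23:51232 dst=203.0.113.10:443 proto=tcp action=allow",
    "2023-05-14T10:03:40Z src=10.0.0.41:60111 dst=37.220.87.13:48790 proto=tcp action=allow",
    "2023-05-14T10:05:02Z src=10.0.0.23:51240 dst=185.161.248.75:443 proto=tcp action=allow",
]

if __name__ == "__main__":
    cfgs = parse_configs(EXTRACTED_CONFIGS)
    for c in cfgs:
        print(f"{c.family} botnet={c.botnet or '-'} c2={c.host}:{c.port} auth_value={c.auth_value}")
    for hit in match_connections(SAMPLE_CONNLOG, c2_endpoints(cfgs)):
        print(hit)
```

The auth_value is kept with each record because it identifies the operator's panel credential rather than the infrastructure; two samples with different auth_values but the same C2 are different customers of the same hosting, which matters when you decide whether to block the host or just the port.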
Targets
Target: fb74d6f918c6fa811b685c62d46c82f9e65ef5c3644b25b5a4e1216de7db0950
Size: 1.1MB
MD5: e7d2d12785d8e6615185e7781553de44
SHA1: c59229ece05fbf9a5d78097abb370729ac8203d1
SHA256: fb74d6f918c6fa811b685c62d46c82f9e65ef5c3644b25b5a4e1216de7db0950
SHA512: 1782bdf5f18fe09199676777645a5fc42b3f6d7ba561d6aac1e7f97dff41c20186cf5af7c601793d8521c4c8f396bb17f9855440ae7c0106cc3ab8fadf454ba7
SSDEEP: 24576:fydjVfPxQtaD6cLvLG1/aLHTa9aPhhwM/XjZ4:qlVfPWGFLvLS/kpzB/X1
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Downloads MZ/PE file: the sample retrieves an executable (MZ/PE header) over the network.
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence to decide whether to run.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: writes a value under a CurrentVersion\Run registry key so the payload is started again at logon.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext: SetThreadContext is commonly used to redirect execution in process hollowing and similar code-injection techniques.