General
-
Target
da81cec4bd62cfa042499291c3d161d8a511edc74811eee89d49b7870fcd57cd
-
Size
1.1MB
-
Sample
230514-t92y5ace29
-
MD5
615ecbbaea3211c9b0495f1d0239344d
-
SHA1
9346ef30e8774242a87112cd0d910381d57401ff
-
SHA256
da81cec4bd62cfa042499291c3d161d8a511edc74811eee89d49b7870fcd57cd
-
SHA512
55c6da74dfdab3090a139b9fdd0085bcab2189d2f79dbe232e9e8ea6a231f6516f35bcd0c3b55a65d7e3d514ff774c3a6895423085fb7308d72a5376b5be2dc5
-
SSDEEP
24576:oyscDw1V8NpuYCWCXHKlHrmWodEEICnIc0REkV:vsckTku7lXHhBuP
Static task
static1
Behavioral task
behavioral1
Sample
da81cec4bd62cfa042499291c3d161d8a511edc74811eee89d49b7870fcd57cd.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
messi
185.161.248.75:4132
-
auth_value
b602b28664bb738e322d37baab91db28
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
da81cec4bd62cfa042499291c3d161d8a511edc74811eee89d49b7870fcd57cd
-
Size
1.1MB
-
MD5
615ecbbaea3211c9b0495f1d0239344d
-
SHA1
9346ef30e8774242a87112cd0d910381d57401ff
-
SHA256
da81cec4bd62cfa042499291c3d161d8a511edc74811eee89d49b7870fcd57cd
-
SHA512
55c6da74dfdab3090a139b9fdd0085bcab2189d2f79dbe232e9e8ea6a231f6516f35bcd0c3b55a65d7e3d514ff774c3a6895423085fb7308d72a5376b5be2dc5
-
SSDEEP
24576:oyscDw1V8NpuYCWCXHKlHrmWodEEICnIc0REkV:vsckTku7lXHhBuP
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-