General
-
Target
0a524b05e10c37732afb3cf8251b44897ce1ed1702037c273040dc5791eef6f1
-
Size
1.1MB
-
Sample
230514-v1d2daeh5w
-
MD5
ae8e4c03d3c104e4f1e94429cee1a7a3
-
SHA1
a031a67c7f8c41f8855b5c72252f89ceacac64ae
-
SHA256
0a524b05e10c37732afb3cf8251b44897ce1ed1702037c273040dc5791eef6f1
-
SHA512
3f89d086b350c891c2d908fb0d356ece03151b5d81576475aa09da05582fbad986db85306370ac249fe124889fb218723ecc1e7cae38ba8e5a6e2efd4dfbc060
-
SSDEEP
24576:WyrlUcAg8ntypfwB5GmCXBVhcjFIAyqt//1:lrSOxpfw2jVrAys
Static task
static1
Behavioral task
behavioral1
Sample
0a524b05e10c37732afb3cf8251b44897ce1ed1702037c273040dc5791eef6f1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
messi
185.161.248.75:4132
-
auth_value
b602b28664bb738e322d37baab91db28
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
0a524b05e10c37732afb3cf8251b44897ce1ed1702037c273040dc5791eef6f1
-
Size
1.1MB
-
MD5
ae8e4c03d3c104e4f1e94429cee1a7a3
-
SHA1
a031a67c7f8c41f8855b5c72252f89ceacac64ae
-
SHA256
0a524b05e10c37732afb3cf8251b44897ce1ed1702037c273040dc5791eef6f1
-
SHA512
3f89d086b350c891c2d908fb0d356ece03151b5d81576475aa09da05582fbad986db85306370ac249fe124889fb218723ecc1e7cae38ba8e5a6e2efd4dfbc060
-
SSDEEP
24576:WyrlUcAg8ntypfwB5GmCXBVhcjFIAyqt//1:lrSOxpfw2jVrAys
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-