General
Target: 88537dcaf56098b20724f581fe512e48b681ee36e3c73644554e35ab2b75c167
Size: 1.1MB
Sample: 230514-v6rjnaeh6z
MD5: 7c0ce83d8245de4b4c63488827a8bea1
SHA1: 843e99245122327b2c70a4b74d5cf6b913c1d398
SHA256: 88537dcaf56098b20724f581fe512e48b681ee36e3c73644554e35ab2b75c167
SHA512: b904cc02d301bf3d87df7b6633ad552efcf36a3307281e1433629043836b46b99eb7b9914e55df2bb20c1458dd626c4887fc63228eb3694d090b5021ae7ee369
SSDEEP: 24576:SyFwn9qsXW638ne+wGddGVi1Bg9fPhqXeGF2w8PZy8ER0E+Y:5F+1G6IpwGddGPFPkGw8RNE
Static task: static1
Behavioral task: behavioral1
Sample: 88537dcaf56098b20724f581fe512e48b681ee36e3c73644554e35ab2b75c167.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: larry
C2: 185.161.248.75:4132
auth_value: 9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
Family: redline
Botnet: warum
C2: 185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
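The two Extracted entries above share one C2 endpoint (185.161.248.75:4132) and differ only in botnet id and auth_value, so the useful network IOC is a single host:port pair. The following is an added example, not part of the sandbox report and not code from any tool it mentions: it parses Extracted blocks in the flattened one-field-per-line layout used on this page into structured records, validates the C2 and auth_value fields, deduplicates the endpoints and emits one Suricata alert rule per endpoint. The input text is constructed from the report's own config lines; the sid range, rule message text and the tolerance for a domain instead of an IP are assumptions.

```python
"""Turn the "Extracted" RedLine config entries of a sandbox report into IOCs."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed input: the two Extracted blocks from the report above, in the
# flattened one-field-per-line layout the page uses (the stray "-" is a
# bullet marker left over from extraction).
REPORT_TEXT = """\
Malware Config
Extracted
redline
larry
185.161.248.75:4132
-
auth_value
9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
"""

HEX32 = re.compile(r"^[0-9a-f]{32}$")


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str        # RedLine "ID"/campaign tag ("larry", "warum")
    host: str          # IPv4 address or domain
    port: int
    auth_value: str    # 32 hex chars, the per-build authorization token


def parse_extracted(text: str) -> list[RedLineConfig]:
    """Parse every 'Extracted' block; fields follow in a fixed order:
    family, botnet id, host:port, then the auth_value attribute."""
    lines = [ln.strip() for ln in text.splitlines()]
    configs = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        try:
            family, botnet, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
        except IndexError:
            raise ValueError(f"truncated Extracted block at line {i}") from None
        host, port_str = c2.rsplit(":", 1)
        port = int(port_str)
        if not 1 <= port <= 65535:
            raise ValueError(f"bad port in C2 {c2!r}")
        try:
            ipaddress.ip_address(host)
        except ValueError:
            # Not an IP literal: assume a domain name and check its shape.
            if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
                raise ValueError(f"bad C2 host {host!r}") from None
        j = i + 4
        while j < len(lines) and lines[j] == "-":   # skip bullet residue
            j += 1
        if j + 1 >= len(lines) or lines[j] != "auth_value":
            raise ValueError(f"missing auth_value for botnet {botnet!r}")
        auth = lines[j + 1].lower()
        if not HEX32.match(auth):
            raise ValueError(f"auth_value {auth!r} is not 32 hex chars")
        configs.append(RedLineConfig(family, botnet, host, port, auth))
        i = j + 2
    return configs


def unique_c2(configs: list[RedLineConfig]) -> list[tuple[str, int]]:
    """Distinct (host, port) endpoints; both configs here share one C2."""
    return sorted({(c.host, c.port) for c in configs})


def suricata_rules(configs: list[RedLineConfig], sid_base: int = 1000001) -> list[str]:
    """One alert rule per distinct C2 endpoint. sid_base is an assumed
    local-rules range; adjust it to your own ruleset."""
    rules = []
    for n, (host, port) in enumerate(unique_c2(configs)):
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine Stealer C2 {host}:{port}"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    cfgs = parse_extracted(REPORT_TEXT)
    for c in cfgs:
        print(f"{c.family} botnet={c.botnet} c2={c.host}:{c.port} auth={c.auth_value}")
    print("\n".join(suricata_rules(cfgs)))
```

Deduplicating before emitting rules matters in practice: one RedLine build is often repacked under several botnet ids pointing at the same panel, and duplicate sids will make Suricata refuse the ruleset.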
Targets
Target: 88537dcaf56098b20724f581fe512e48b681ee36e3c73644554e35ab2b75c167
Size: 1.1MB
MD5: 7c0ce83d8245de4b4c63488827a8bea1
SHA1: 843e99245122327b2c70a4b74d5cf6b913c1d398
SHA256: 88537dcaf56098b20724f581fe512e48b681ee36e3c73644554e35ab2b75c167
SHA512: b904cc02d301bf3d87df7b6633ad552efcf36a3307281e1433629043836b46b99eb7b9914e55df2bb20c1458dd626c4887fc63228eb3694d090b5021ae7ee369
SSDEEP: 24576:SyFwn9qsXW638ne+wGddGVi1Bg9fPhqXeGF2w8PZy8ER0E+Y:5F+1G6IpwGddGPFPkGw8RNE
- RedLine
  RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies, crypto-wallet data and system information and sends them to the C2 listed under Malware Config.
- Checks computer location settings
  Reads the country code configured in the registry, most likely as a geofence to skip victims in certain countries.
- Executes dropped EXE
  Runs an executable the sample itself wrote to disk, i.e. a second-stage payload.
- Adds Run key to start application
  Writes a value under a CurrentVersion\Run registry key so the payload is started again at logon (persistence).
- Checks installed software on the system
  Enumerates the Uninstall key entries in the registry to list the software installed on the system.
- Suspicious use of SetThreadContext
  Calls SetThreadContext to redirect execution of a thread in another process, a building block of process hollowing and other code-injection techniques.
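Two of the behaviors above, the Run key written for persistence and the dropped executable that it launches, leave registry value-set events that a defender can alert on. The following is an added example, not code from the report or from the sandbox: it runs a simple detection over constructed Sysmon Event ID 13 (RegistryEvent: value set) records, flagging Run/RunOnce values whose launched image, or whose writing process, lives in a user-writable path such as AppData, Temp or ProgramData, while leaving a vendor installer that writes a Program Files path under HKLM alone. The event records, SID, paths and file names are constructed for the example and are not observations from this sample.

```python
"""Flag Run/RunOnce persistence from user-writable paths in Sysmon registry events."""
import re

# Constructed Sysmon Event ID 13 (RegistryEvent: value set) records, with the
# fields as they appear after the XML has been parsed. Paths, SID and names
# are made up for the example; they are not observations from this sample.
EVENTS = [
    {   # dropper in %TEMP% registers a copy of itself under HKCU ...\Run
        "EventID": 13,
        "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
        "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe",
    },
    {   # legitimate installer: both writer and target under Program Files
        "EventID": 13,
        "Image": r"C:\Program Files\Vendor\installer.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        "Details": r"C:\Program Files\Vendor\tray.exe",
    },
    {   # unrelated write under CurrentVersion that is not a Run key
        "EventID": 13,
        "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
    {   # RunOnce value with a quoted path plus arguments, target in ProgramData
        "EventID": 13,
        "Image": r"C:\Users\victim\Downloads\doc.exe",
        "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\x",
        "Details": r'"C:\ProgramData\x\x.exe" -s',
    },
]

# Value set directly under ...\CurrentVersion\Run or \RunOnce (HKLM or any HKU hive).
RUN_KEY = re.compile(r"\\CurrentVersion\\(?:Run|RunOnce)\\", re.IGNORECASE)

# Locations an unprivileged user can write to; the set is an assumption and
# should be extended for your environment.
USER_WRITABLE = re.compile(
    r"^(?:[A-Z]:\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)"
    r"|[A-Z]:\\ProgramData|[A-Z]:\\Users\\Public|[A-Z]:\\Windows\\Temp)\\",
    re.IGNORECASE,
)


def command_image(details: str) -> str:
    """Pull the executable path out of a Run value, which may be quoted and
    carry arguments ("C:\\x\\x.exe" -s); non-path data is returned unchanged."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d
    m = re.match(r"(.+?\.exe)(?=\s|$)", d, re.IGNORECASE)
    return m.group(1) if m else d


def detect_run_key_persistence(events: list[dict]) -> list[dict]:
    """Return one alert per Run/RunOnce value set whose launched image or
    whose writing process lives in a user-writable location."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13 or not RUN_KEY.search(ev["TargetObject"]):
            continue
        target = command_image(ev["Details"])
        reasons = []
        if USER_WRITABLE.match(target):
            reasons.append("Run value points into a user-writable path")
        if USER_WRITABLE.match(ev["Image"]):
            reasons.append("writer process runs from a user-writable path")
        if reasons:
            alerts.append({"writer": ev["Image"], "key": ev["TargetObject"],
                           "target": target, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect_run_key_persistence(EVENTS):
        print(f"{a['writer']} -> {a['key']} = {a['target']}: {'; '.join(a['reasons'])}")
```

Sysmon only records registry writes (create, set, delete, rename), so the registry reads behind "Checks computer location settings" and "Checks installed software" do not show up in Event ID 12/13/14 and need a sandbox or API-level trace such as the one above to observe.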