General
- Target: bc1fa02c1801ab9da119e88fb1d8bfcef480f974c68d55a8c1440a3c2c67ab78
- Size: 1.1MB
- Sample: 230514-v7cf5aeh61
- MD5: a58e726ec6307be35a85ee4787838755
- SHA1: 47a7acfa037d03aba8e34f54ee53362b8bbe2669
- SHA256: bc1fa02c1801ab9da119e88fb1d8bfcef480f974c68d55a8c1440a3c2c67ab78
- SHA512: 09d93305ca21727389738532ea95702af18fdadfce46c872cd6e76c818dcba4bee9616867e5c644ff8500fc83ea8a4799dd2bc2548d5e83464c504d21fc0fd2d
- SSDEEP: 24576:fyQJnZ1TrVvOwhl/v1em0SAyI0dvbxLZKqT3FkNq:qQJLTrVvOaxb0kIg1LZKqLFkN
Static task: static1
Behavioral task: behavioral1
- Sample: bc1fa02c1801ab9da119e88fb1d8bfcef480f974c68d55a8c1440a3c2c67ab78.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- messi
- 185.161.248.75:4132
- auth_value: b602b28664bb738e322d37baab91db28
Extracted: redline
- warum
- 185.161.248.75:4132
- auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
- Target: bc1fa02c1801ab9da119e88fb1d8bfcef480f974c68d55a8c1440a3c2c67ab78
- Size: 1.1MB
- MD5: a58e726ec6307be35a85ee4787838755
- SHA1: 47a7acfa037d03aba8e34f54ee53362b8bbe2669
- SHA256: bc1fa02c1801ab9da119e88fb1d8bfcef480f974c68d55a8c1440a3c2c67ab78
- SHA512: 09d93305ca21727389738532ea95702af18fdadfce46c872cd6e76c818dcba4bee9616867e5c644ff8500fc83ea8a4799dd2bc2548d5e83464c504d21fc0fd2d
- SSDEEP: 24576:fyQJnZ1TrVvOwhl/v1em0SAyI0dvbxLZKqT3FkNq:qQJLTrVvOaxb0kIg1LZKqLFkN
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext