General
Target: 33e3443cc9c0709771b3a08aa81b196a62d32f384c5862937db75f09bba52430
Size: 1.1MB
Sample: 230514-vfwqpace49
MD5: ae6d2b8ff2d8407fdd8ffa9e8a780814
SHA1: 991f6f421629b87767e706628c1db5df0678aaed
SHA256: 33e3443cc9c0709771b3a08aa81b196a62d32f384c5862937db75f09bba52430
SHA512: 0e1c852122b15e1afee82eea241ec1a618c031b416b814db3c8e1c28c6962051fb791c9b334bc7588d8f8dde29d38c6daeefc565553f46d5d757c00be08b58a8
SSDEEP: 24576:qyx1S3S7pBOoXiVYm1cWtzW60qe/c7nh3G1QkAL+0v6AP:xG3SNZXM1cWt660qeSR36A
Static task: static1
Behavioral task: behavioral1
Sample: 33e3443cc9c0709771b3a08aa81b196a62d32f384c5862937db75f09bba52430.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted (redline)
Botnet: messi
C2: 185.161.248.75:4132
auth_value: b602b28664bb738e322d37baab91db28
Extracted (redline)
Botnet: warum
C2: 185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
Target: 33e3443cc9c0709771b3a08aa81b196a62d32f384c5862937db75f09bba52430
Size: 1.1MB
MD5: ae6d2b8ff2d8407fdd8ffa9e8a780814
SHA1: 991f6f421629b87767e706628c1db5df0678aaed
SHA256: 33e3443cc9c0709771b3a08aa81b196a62d32f384c5862937db75f09bba52430
SHA512: 0e1c852122b15e1afee82eea241ec1a618c031b416b814db3c8e1c28c6962051fb791c9b334bc7588d8f8dde29d38c6daeefc565553f46d5d757c00be08b58a8
SSDEEP: 24576:qyx1S3S7pBOoXiVYm1cWtzW60qe/c7nh3G1QkAL+0v6AP:xG3SNZXM1cWt660qeSR36A
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
Suspicious use of SetThreadContext