General
Target: 16e22fc928eb80237fbac2421fcfd7e6c3dc0eda5709485108dce9d70b5e277f
Size: 1.1MB
Sample: 230514-vlg5gseg9t
MD5: f69dbc7ed3eaa5c7a797e106efa1f332
SHA1: 1a5b894c62c7897e794fa2557597568a92a6676e
SHA256: 16e22fc928eb80237fbac2421fcfd7e6c3dc0eda5709485108dce9d70b5e277f
SHA512: c780c6048acda32b1f53cf7c6a9572094b213fe4459a7fac918c06d92c15068f8d6e018dd9eff6dcb8a1618e502c0a29f62eb0005aaef54e8e90cdb27376c3d3
SSDEEP: 24576:ay1wJN1CafVgO3iH9jsCpmj8wYkQYxTqZFHK5:h1wJbJVgT2Cmj8wYZsqZQ
Static task: static1
Behavioral task: behavioral1
Sample: 16e22fc928eb80237fbac2421fcfd7e6c3dc0eda5709485108dce9d70b5e277f.exe
Resource: win10v2004-20230220-en
Malware Config
Two RedLine configurations were extracted from the sample. Both point at the same C2 endpoint and differ only in botnet tag and auth_value.
Extracted
Family: redline
Botnet: derek
C2: 185.161.248.75:4132
auth_value: c7030724b2b40537db5ba680b1d82ed2
Extracted
Family: redline
Botnet: warum
C2: 185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
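The file digests under General and the C2 endpoint in the extracted configs are the indicators a responder would actually sweep for. The script below is an added example (not Triage's code and not part of the report): the digests and the C2 address are copied from this page, while the comma-separated connection-log format and the log lines themselves are constructed for the example. Matching is deliberately strict: a hash hit counts only when every digest agrees, and the C2 rule matches the reported port, not just the IP.

```python
"""IOC matching from this report's indicators.

Added example, not Triage output: the digests and the C2 endpoint are copied
from the report; the connection-log format and lines are constructed."""
import hashlib

# File digests reported under General (copied verbatim from the report).
REPORT_HASHES = {
    "md5": "f69dbc7ed3eaa5c7a797e106efa1f332",
    "sha1": "1a5b894c62c7897e794fa2557597568a92a6676e",
    "sha256": "16e22fc928eb80237fbac2421fcfd7e6c3dc0eda5709485108dce9d70b5e277f",
    "sha512": "c780c6048acda32b1f53cf7c6a9572094b213fe4459a7fac918c06d92c15068f"
              "8d6e018dd9eff6dcb8a1618e502c0a29f62eb0005aaef54e8e90cdb27376c3d3",
}
# RedLine C2 endpoint shared by both extracted configs.
C2_ENDPOINTS = {("185.161.248.75", 4132)}


def digest_bytes(data: bytes) -> dict:
    """Return the four digests of an in-memory buffer (lowercase hex)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path) -> dict:
    """Hash a file in 1 MiB chunks so a large sample need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_digests(digests: dict) -> set:
    """Names of the algorithms whose value equals the report's indicator.

    Callers should require all four names: a partial match (say, MD5 only)
    means a collision or a copy error, not the reported file."""
    return {n for n, v in REPORT_HASHES.items() if digests.get(n, "").lower() == v}


def find_c2_connections(log_text: str) -> list:
    """Scan comma-separated connection records for the reported C2 endpoint.

    Record layout (constructed for this example): ts,pid,image,dst_ip,dst_port.
    Returns (pid, image) pairs that contacted the C2. The same IP on another
    port is not matched, so port changes across builds need a new indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, pid, image, dst_ip, dst_port = line.split(",")
        if (dst_ip, int(dst_port)) in C2_ENDPOINTS:
            hits.append((int(pid), image))
    return hits


# Constructed connection log; not from the sandbox run.
SAMPLE_CONN_LOG = """\
# ts,pid,image,dst_ip,dst_port
2023-05-14T12:00:01Z,4120,C:\\Users\\user\\Desktop\\sample.exe,185.161.248.75,4132
2023-05-14T12:00:02Z,4120,C:\\Users\\user\\Desktop\\sample.exe,185.161.248.75,80
2023-05-14T12:00:03Z,3388,C:\\Windows\\System32\\svchost.exe,23.0.0.1,443
2023-05-14T12:00:09Z,4288,C:\\Windows\\Temp\\stage2.exe,185.161.248.75,4132
"""

if __name__ == "__main__":
    print(matching_digests(REPORT_HASHES))
    print(find_c2_connections(SAMPLE_CONN_LOG))
```

SSDEEP is not computed here because it needs a third-party library (ssdeep or ppdeep); use it for near-duplicate hunting, not for the exact-match verdict. The extracted C2 is a point-in-time value: RedLine builds are re-pointed often, so treat the IP:port as an indicator for this sample rather than for the family.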
Targets
Target: 16e22fc928eb80237fbac2421fcfd7e6c3dc0eda5709485108dce9d70b5e277f (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the sample can refuse to run in selected countries.
Executes dropped EXE
Writes an executable to disk and launches it.
Adds Run key to start application
Persistence through a Run key under Software\Microsoft\Windows\CurrentVersion, which relaunches the entry at logon.
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state; used on a suspended child process it is the usual way to redirect execution into injected code (process hollowing), which is why the call is flagged.