General
Target: 3d214cf5f4c2531d2d023d7beeca679a536f3208332d9df76e5c62f44be155c9
Size: 1.1MB
Sample: 230514-vmtvnsce76
MD5: c319e335e761ea29a1972b48b453d10c
SHA1: b2e0f018cd36d8f9079d7ae798cf2a23aa491b90
SHA256: 3d214cf5f4c2531d2d023d7beeca679a536f3208332d9df76e5c62f44be155c9
SHA512: 3603195746fe773115951803f9f46500dd4a0d5e41380cb06fe35e63d6798b5aff0b1cfbec8e736e5230b9c7267f493836e9285d1d72943a3b129cd7ba2b9e24
SSDEEP: 24576:3y++3BgJXfBsOfZ7ttjs8mM7LIlTxRz9OHalcXNlNfdQGxz2cq:CxapiOR77jfvIhxRRO6yXNl1dQsz2c
Static task: static1
Behavioral task: behavioral1
Sample: 3d214cf5f4c2531d2d023d7beeca679a536f3208332d9df76e5c62f44be155c9.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: messi
C2: 185.161.248.75:4132
auth_value: b602b28664bb738e322d37baab91db28
Extracted
Family: redline
Botnet: warum
C2: 185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of SetThreadContext