General

Target: 903866aab898c2fbe7d6d17b6e98f6028b106bb836e0d434f35bd3b3029936f4
Size: 1.1MB
Sample: 230514-vqcesseh2y
MD5: b9c5c5999f2d9a0c90b26a820a8786db
SHA1: 4661409408deb55dd3082749a4dc1bd9fe089328
SHA256: 903866aab898c2fbe7d6d17b6e98f6028b106bb836e0d434f35bd3b3029936f4
SHA512: 5b6304dff794b328061d0003ae3a00d80ec8e36982e7b9fd49a959e7a5aff4a915b683c1566d96fbc247418c9e5163973dac39a9313396c0bfe16d0180967c18
SSDEEP: 24576:SybuGIAGf32TYNuKnDKRojHZG9OpJjFyxwGVe2Ut5iV:5Ef32TKt7qO7Jyxi
Static task: static1
Behavioral task: behavioral1
Sample: 903866aab898c2fbe7d6d17b6e98f6028b106bb836e0d434f35bd3b3029936f4.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  derek
  185.161.248.75:4132
  auth_value: c7030724b2b40537db5ba680b1d82ed2

Extracted: redline
  warum
  185.161.248.75:4132
  auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets

Target: 903866aab898c2fbe7d6d17b6e98f6028b106bb836e0d434f35bd3b3029936f4
Size: 1.1MB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Suspicious use of SetThreadContext