General

Target: fd16d6f654e6447103f5efc399f1043814d6c7e50b327d968e6702f4302a1853
Size: 1.1MB
Sample: 230514-vwd6ksce92
MD5: 799555d9398432a477a8d8fda446893b
SHA1: 0d9b49606bc2da6323b6a742bb2d5c69bc884e3a
SHA256: fd16d6f654e6447103f5efc399f1043814d6c7e50b327d968e6702f4302a1853
SHA512: d21984bcc167e55763b568c4531eff3cd1a580ed2d422ea7667e2fdce4abcd279c9363f78a24be884594ea9cdc927d92c8e88ecd89f8f1fbc53290d00d2552c0
SSDEEP: 24576:AysQx0n+n/CmcTo+R/CyNCbiBX7R39UZOaGo885r6R9svQvLVJgZaj:HsQmn+/lcfvzRF3+gaGo885G9s+LVJO

Static task: static1
Behavioral task: behavioral1
  Sample: fd16d6f654e6447103f5efc399f1043814d6c7e50b327d968e6702f4302a1853.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  Botnet: derek
  C2: 185.161.248.75:4132
  auth_value: c7030724b2b40537db5ba680b1d82ed2

Extracted: redline
  Botnet: warum
  C2: 185.161.248.75:4132
  auth_value: 0bdb2dda91dadc65f555dee088a6a2a4

Both configurations point at the same C2 endpoint; they differ only in the botnet identifier and the auth_value token, so the IP:port pair is the indicator to block and the auth values are what distinguish the two builds in captured traffic.
Targets

Target: fd16d6f654e6447103f5efc399f1043814d6c7e50b327d968e6702f4302a1853
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence so the sample can bail out on hosts in regions the operator wants to avoid.
- Executes dropped EXE
  Runs an executable that the sample itself wrote to disk during the analysis.
- Loads dropped DLL
  Loads a DLL that the sample itself wrote to disk during the analysis.
- Adds Run key to start application
  Writes a value under the registry Run key (Software\Microsoft\Windows\CurrentVersion\Run) so the payload is launched again at logon; this is a persistence mechanism.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process redirects that thread into injected code; together with a process created in a suspended state this is the classic process-hollowing pattern that loaders use to run a payload inside a legitimate host process.
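The extracted configuration and the behavioural signatures above together give a network indicator (the C2 endpoint), two payload strings (the auth_value tokens) and one host indicator (the Run key write). The following is an added example, not part of the original report, showing how an analyst would run those indicators over telemetry. The event records are constructed in a Sysmon-like shape (EventID 3 for network connections, EventID 13 for registry value sets) and are not taken from the sandbox; the image paths, SID and the 203.0.113.0/24 address are made up. The report does not say whether an auth_value is visible in cleartext on the wire, so the payload check is a plain substring search and nothing more.

```python
"""Match host and network telemetry against the indicators this report exposes.

Added example; it is not part of the original sandbox report. The event
records are constructed in a Sysmon-like shape (EventID 3 = network
connection, EventID 13 = registry value set) purely for illustration. The
indicators taken from the report are the RedLine C2 endpoint
185.161.248.75:4132 and the two auth_value strings; the Run key path is the
standard Windows autostart location the "Adds Run key" signature refers to.
"""
import re

C2_HOST = "185.161.248.75"           # from the extracted config
C2_PORT = 4132                       # from the extracted config
AUTH_VALUES = {                      # from the two extracted configs
    "c7030724b2b40537db5ba680b1d82ed2",
    "0bdb2dda91dadc65f555dee088a6a2a4",
}
# Sysmon records registry paths with a hive prefix (HKLM\..., HKU\<SID>\...);
# matching from \Software\ onward covers both per-user and machine Run keys.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)


def match_event(ev: dict) -> list:
    """Return the indicator names one event hits; an empty list means clean."""
    hits = []
    if ev.get("EventID") == 3:
        # Ports arrive as strings in Sysmon XML, so normalise before comparing.
        port = int(ev.get("DestinationPort") or 0)
        if ev.get("DestinationIp") == C2_HOST:
            # Same host on another port is still worth a look: operators move ports.
            hits.append("redline_c2" if port == C2_PORT else "redline_c2_host_other_port")
    elif ev.get("EventID") == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("run_key_persistence")
    return hits


def payload_hits(payload: bytes) -> list:
    """Which extracted auth_value strings occur verbatim in a captured payload."""
    return sorted(v for v in AUTH_VALUES if v.encode() in payload)


def triage(events) -> dict:
    """Group hits by originating image so the analyst sees which process did what."""
    report = {}
    for ev in events:
        for hit in match_event(ev):
            report.setdefault(ev.get("Image", "<unknown>"), set()).add(hit)
    return {image: sorted(hits) for image, hits in report.items()}


# Constructed sample events (not from the report): made-up paths and SID,
# and a TEST-NET-3 address for the benign connection.
DROPPED = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPED, "ParentImage": r"C:\Users\user\Downloads\setup.exe"},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "185.161.248.75", "DestinationPort": "4132"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1000000000-2000000000-3000000000-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate"},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(hits))
```

Note what this cannot see: the "Checks installed software" and "Checks computer location settings" signatures are registry reads, which Sysmon does not log, so they are useful in a sandbox but not as host IOCs; the connection and the Run key write are the two behaviours here that leave a durable trace in endpoint telemetry.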