General
Target: 6b38d52a244f44f4f891261afcfa1c600b8447a942cb8aa6b198404f71b628e3
Size: 1.1MB
Sample: 230514-vxp98sce95
MD5: 495b572c574d3c5214c4500ba5da19a7
SHA1: e73df53db1dfffa43db53066fb68bdf3426ba3d9
SHA256: 6b38d52a244f44f4f891261afcfa1c600b8447a942cb8aa6b198404f71b628e3
SHA512: c9c21af760baba1dbc5056e6da2fe00daa175877c00d0e8cd3c73410ebae81196d12809425c852e236a37cf8c42df6a675db2d7cc31445cc6819ac31e8d91b46
SSDEEP: 24576:7yxtPFyJU9D4cQQCeBudPjnR4F6WtHCQu4BRUaj8bWtoehUncR:uLNUU9DwQ+jrQh8bWtoP
Static task: static1
Behavioral task: behavioral1
Sample: 6b38d52a244f44f4f891261afcfa1c600b8447a942cb8aa6b198404f71b628e3.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  derek
  185.161.248.75:4132
  auth_value: c7030724b2b40537db5ba680b1d82ed2
Extracted: redline
  warum
  185.161.248.75:4132
  auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
Target: 6b38d52a244f44f4f891261afcfa1c600b8447a942cb8aa6b198404f71b628e3
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext