General
-
Target
e10f58acf75a83f4ffe7f3616359ad3aaa5689ad45f1c5958eac7aea5228c2d4
-
Size
1.1MB
-
Sample
230514-vyb41aeh4y
-
MD5
a7c4169320e2b5e0836bfec2568851b5
-
SHA1
df2e2d07d658c85e13e2bfe58df28468ec8439fe
-
SHA256
e10f58acf75a83f4ffe7f3616359ad3aaa5689ad45f1c5958eac7aea5228c2d4
-
SHA512
6503e11d4a82267c1e4f72b44111c6004dd115bc18588dfc63d3538965449bdd536302b76e131c8f80a0fe6798cae5c00fde6ef598236054f1fcea99239138eb
-
SSDEEP
24576:zy+Ezr8k5mqpFbzcet+0AtukHnNQaeBbfv3gKKI9o:GxDHzcet+0Atre9nwxI9
Static task
static1
Behavioral task
behavioral1
Sample
e10f58acf75a83f4ffe7f3616359ad3aaa5689ad45f1c5958eac7aea5228c2d4.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
messi
185.161.248.75:4132
-
auth_value
b602b28664bb738e322d37baab91db28
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
e10f58acf75a83f4ffe7f3616359ad3aaa5689ad45f1c5958eac7aea5228c2d4
-
Size
1.1MB
-
MD5
a7c4169320e2b5e0836bfec2568851b5
-
SHA1
df2e2d07d658c85e13e2bfe58df28468ec8439fe
-
SHA256
e10f58acf75a83f4ffe7f3616359ad3aaa5689ad45f1c5958eac7aea5228c2d4
-
SHA512
6503e11d4a82267c1e4f72b44111c6004dd115bc18588dfc63d3538965449bdd536302b76e131c8f80a0fe6798cae5c00fde6ef598236054f1fcea99239138eb
-
SSDEEP
24576:zy+Ezr8k5mqpFbzcet+0AtukHnNQaeBbfv3gKKI9o:GxDHzcet+0Atre9nwxI9
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-