General
Target: ca96cb7a3759726c8b0b4251f82d3bb469c2ad052e314ab62e4788e00a256353.exe
Size: 1.1MB
Sample: 230514-w69kxafa91
MD5: db571888628881afc4bfeb498f73c162
SHA1: ac636357e8f79cea891e90b715ed1b8c3112dca7
SHA256: ca96cb7a3759726c8b0b4251f82d3bb469c2ad052e314ab62e4788e00a256353
SHA512: b6fd2f5636dd5a5e121d3a578067fc89e11bb0d6149a914f9dcc30baa608bb20ef2d9789b871167d1ef0ed840fd71b66bd8cb5413ff327d54cc8ce1cdfde7628
SSDEEP: 24576:tyhr1vRdcMPbcmSu5QprZp8cN0Z6Pd2Tt4To8X:IN1Zbg//pnI6P48
Static task: static1
Behavioral task: behavioral1
  Sample: ca96cb7a3759726c8b0b4251f82d3bb469c2ad052e314ab62e4788e00a256353.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: ca96cb7a3759726c8b0b4251f82d3bb469c2ad052e314ab62e4788e00a256353.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  dogma
  185.161.248.75:4132
  auth_value: d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted: redline
  terra
  185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: ca96cb7a3759726c8b0b4251f82d3bb469c2ad052e314ab62e4788e00a256353.exe
Size: 1.1MB
MD5: db571888628881afc4bfeb498f73c162
SHA1: ac636357e8f79cea891e90b715ed1b8c3112dca7
SHA256: ca96cb7a3759726c8b0b4251f82d3bb469c2ad052e314ab62e4788e00a256353
SHA512: b6fd2f5636dd5a5e121d3a578067fc89e11bb0d6149a914f9dcc30baa608bb20ef2d9789b871167d1ef0ed840fd71b66bd8cb5413ff327d54cc8ce1cdfde7628
SSDEEP: 24576:tyhr1vRdcMPbcmSu5QprZp8cN0Z6Pd2Tt4To8X:IN1Zbg//pnI6P48

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext