General
-
Target
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92.exe
-
Size
1.1MB
-
Sample
230514-w6nnfafa71
-
MD5
a0d407bff7723d89f3a17b3ed1824a85
-
SHA1
1f5d343a4e51b26e97432b59d4c6cf15922c8e11
-
SHA256
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92
-
SHA512
6ef9e1a47b35f3eec6b54ee48e168f99f0c4f683240f89400971bc2d773c494545d35e00c00a200e4f3127dcf141f3043193058c820cf18f4044ab4aec74d931
-
SSDEEP
24576:tyVtgWQsf890Vew56gK5+JeE5YmnrpF2lb:IVCWQsfcwl5PKej5YmnNF2
Static task
static1
Behavioral task
behavioral1
Sample
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
luka
185.161.248.75:4132
-
auth_value
44560bcd37d6bf076da309730fdb519a
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92.exe
-
Size
1.1MB
-
MD5
a0d407bff7723d89f3a17b3ed1824a85
-
SHA1
1f5d343a4e51b26e97432b59d4c6cf15922c8e11
-
SHA256
c347081ec0d10ba6c004ccfc0fcad5b3e8f18c3dd03db909763f8558faec9f92
-
SHA512
6ef9e1a47b35f3eec6b54ee48e168f99f0c4f683240f89400971bc2d773c494545d35e00c00a200e4f3127dcf141f3043193058c820cf18f4044ab4aec74d931
-
SSDEEP
24576:tyVtgWQsf890Vew56gK5+JeE5YmnrpF2lb:IVCWQsfcwl5PKej5YmnNF2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-