General
-
Target
c48fb819ec1a07bf07738e7932f202b06b0e9a27df933861aaad911a066c912c.exe
-
Size
1.1MB
-
Sample
230514-w6ny7scg69
-
MD5
d4b2c2ca18eb3cc481c0e2a47825136f
-
SHA1
5bf18a9cbef3ae759959580a2a1245eecb5b86e8
-
SHA256
c48fb819ec1a07bf07738e7932f202b06b0e9a27df933861aaad911a066c912c
-
SHA512
be8b63e820399de153e103e9706f9141d909126d6cf302c8521313b4b023deff5e407af7013af06837e0a8943eb4d425c43cc50df9f8e7186d199fa83aa793c3
-
SSDEEP
24576:8yjYsCLY3jUprItAmkB4hJnAPMvCaOpmT3fwGufev+K:rxCLeUCtAmkShRAP6CVyYn
Static task
static1
Behavioral task
behavioral1
Sample
c48fb819ec1a07bf07738e7932f202b06b0e9a27df933861aaad911a066c912c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c48fb819ec1a07bf07738e7932f202b06b0e9a27df933861aaad911a066c912c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dogma
185.161.248.75:4132
-
auth_value
d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
c48fb819ec1a07bf07738e7932f202b06b0e9a27df933861aaad911a066c912c.exe
-
Size
1.1MB
-
MD5
d4b2c2ca18eb3cc481c0e2a47825136f
-
SHA1
5bf18a9cbef3ae759959580a2a1245eecb5b86e8
-
SHA256
c48fb819ec1a07bf07738e7932f202b06b0e9a27df933861aaad911a066c912c
-
SHA512
be8b63e820399de153e103e9706f9141d909126d6cf302c8521313b4b023deff5e407af7013af06837e0a8943eb4d425c43cc50df9f8e7186d199fa83aa793c3
-
SSDEEP
24576:8yjYsCLY3jUprItAmkB4hJnAPMvCaOpmT3fwGufev+K:rxCLeUCtAmkShRAP6CVyYn
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-