General
-
Target
c6dba2c0456235db30427c458b548ce3bea9a7b31f3b9d7bdf63d33b5e322bea.exe
-
Size
1.1MB
-
Sample
230514-w6pkqscg83
-
MD5
ded432a644ec2446c36f2e494714d7c8
-
SHA1
93b9833ff6637f8feebc027ff8c14077f070401a
-
SHA256
c6dba2c0456235db30427c458b548ce3bea9a7b31f3b9d7bdf63d33b5e322bea
-
SHA512
c3c7967dd7ba442cbee65a23b45fc2aa7d1e4951d5dfaaf37babd999d5a5530a7763bf63f87198c0e2c3409bb6f204b28b99a3d5a1cdf5695a91875f1a39a464
-
SSDEEP
24576:0yTq3eNZQKrmfysYrhXtOxMi+7TOcCoBDIzazAO/p6vrYVyLkAH:DTqunQKZsA1tvi+3OMIzZ8pQsVU3
Static task
static1
Behavioral task
behavioral1
Sample
c6dba2c0456235db30427c458b548ce3bea9a7b31f3b9d7bdf63d33b5e322bea.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c6dba2c0456235db30427c458b548ce3bea9a7b31f3b9d7bdf63d33b5e322bea.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
motor
185.161.248.75:4132
-
auth_value
ec19ab9989a783983c5cbbc0e5ac4a5f
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
c6dba2c0456235db30427c458b548ce3bea9a7b31f3b9d7bdf63d33b5e322bea.exe
-
Size
1.1MB
-
MD5
ded432a644ec2446c36f2e494714d7c8
-
SHA1
93b9833ff6637f8feebc027ff8c14077f070401a
-
SHA256
c6dba2c0456235db30427c458b548ce3bea9a7b31f3b9d7bdf63d33b5e322bea
-
SHA512
c3c7967dd7ba442cbee65a23b45fc2aa7d1e4951d5dfaaf37babd999d5a5530a7763bf63f87198c0e2c3409bb6f204b28b99a3d5a1cdf5695a91875f1a39a464
-
SSDEEP
24576:0yTq3eNZQKrmfysYrhXtOxMi+7TOcCoBDIzazAO/p6vrYVyLkAH:DTqunQKZsA1tvi+3OMIzZ8pQsVU3
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-