General
Target: c715b815f4ea57106c66eb3b030142aa1c2a2be3f3686ad2d38872272f06b898.exe
Size: 1.1MB
Sample: 230514-w6pkqsfa8z
MD5: 230ef8b366ca9af1d7a50025fb8f7cb1
SHA1: 3165ebe8354fc8a4f4be40fac3af04d84fb72563
SHA256: c715b815f4ea57106c66eb3b030142aa1c2a2be3f3686ad2d38872272f06b898
SHA512: 2b33e4dcc91dccec8524d9bd6a16df7eff6c923399edfdeabcf943ee6aadcfc15cd7c6e65fe7499ee79935617e2995691494976c215cc29605dc07a04a90463f
SSDEEP: 24576:ay0Ko72b429pagUJr71F5Sr2UiZKA/sPOPhr3ql38Al/9+NLOoxwZShi8:h7oD29ggUd1F5vS/POUlsA3oxwMi
Static task: static1
Behavioral task: behavioral1
  Sample: c715b815f4ea57106c66eb3b030142aa1c2a2be3f3686ad2d38872272f06b898.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: c715b815f4ea57106c66eb3b030142aa1c2a2be3f3686ad2d38872272f06b898.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  dogma
  185.161.248.75:4132
  auth_value: d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted: redline
  terra
  185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: c715b815f4ea57106c66eb3b030142aa1c2a2be3f3686ad2d38872272f06b898.exe
Size: 1.1MB
MD5: 230ef8b366ca9af1d7a50025fb8f7cb1
SHA1: 3165ebe8354fc8a4f4be40fac3af04d84fb72563
SHA256: c715b815f4ea57106c66eb3b030142aa1c2a2be3f3686ad2d38872272f06b898
SHA512: 2b33e4dcc91dccec8524d9bd6a16df7eff6c923399edfdeabcf943ee6aadcfc15cd7c6e65fe7499ee79935617e2995691494976c215cc29605dc07a04a90463f
SSDEEP: 24576:ay0Ko72b429pagUJr71F5Sr2UiZKA/sPOPhr3ql38Al/9+NLOoxwZShi8:h7oD29ggUd1F5vS/POUlsA3oxwMi
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext