General
Target: c7c4015628de6c22e953876d26e30bb5364eb03e40d3a59f48f548d9e4a853a2.exe
Size: 1.1MB
Sample: 230514-w6pwhacg87
MD5: 0b6c244414323589362c08fadce18d32
SHA1: 0c7c6fe43f2e44aa4ac6c43c49ca2b41d9ddff49
SHA256: c7c4015628de6c22e953876d26e30bb5364eb03e40d3a59f48f548d9e4a853a2
SHA512: f9d4cdcf0c180ad6ed2b96fae683b9f4ba0f516dfe6744260e6255bdef2b59f54460183a10ed82fce9d646648744b51d94cf6a9a8969e4ee11e68232d5fd0120
SSDEEP: 24576:qy4neMHPHsX/tWzU0/MzWRufWhEg2blH/kdhmsJhpn/QseT:x4e6PHsX/0zvyfsEg2pHsdAsJhpo
Static task: static1
Behavioral task: behavioral1
  Sample: c7c4015628de6c22e953876d26e30bb5364eb03e40d3a59f48f548d9e4a853a2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: c7c4015628de6c22e953876d26e30bb5364eb03e40d3a59f48f548d9e4a853a2.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  larry
  185.161.248.75:4132
  auth_value: 9039557bb7a08f5f2f60e2b71e1dee0e
Extracted: redline
  warum
  185.161.248.75:4132
  auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
Target: c7c4015628de6c22e953876d26e30bb5364eb03e40d3a59f48f548d9e4a853a2.exe
Size: 1.1MB
MD5: 0b6c244414323589362c08fadce18d32
SHA1: 0c7c6fe43f2e44aa4ac6c43c49ca2b41d9ddff49
SHA256: c7c4015628de6c22e953876d26e30bb5364eb03e40d3a59f48f548d9e4a853a2
SHA512: f9d4cdcf0c180ad6ed2b96fae683b9f4ba0f516dfe6744260e6255bdef2b59f54460183a10ed82fce9d646648744b51d94cf6a9a8969e4ee11e68232d5fd0120
SSDEEP: 24576:qy4neMHPHsX/tWzU0/MzWRufWhEg2blH/kdhmsJhpn/QseT:x4e6PHsX/0zvyfsEg2pHsdAsJhpo
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
Suspicious use of SetThreadContext