General
Target: c89f102496d157011d6dcff368011b84d54ec2ea22847eb1c9bc4dde9b2dacfb.exe
Size: 1.1MB
Sample: 230514-w6tjpacg93
MD5: 42362864f5733b6b75470200cd91a013
SHA1: 58706bf1f9aab708b24a8887ea0059745f7e96fe
SHA256: c89f102496d157011d6dcff368011b84d54ec2ea22847eb1c9bc4dde9b2dacfb
SHA512: 57713fc3ec5421339a3b569d167109b34daecfb4fe478e3a9c7a1fe0212227f0085ef09b9a985c07406e5b8b6f242a41e7f7a971259df139b34226ee4f957a61
SSDEEP: 24576:SyDnfN8kD60UOOuHM8kUdzpDfNvvsn8FEt+iPT:5zVlDn5g8nVDFfSh
Static task: static1
Behavioral task: behavioral1
Sample: c89f102496d157011d6dcff368011b84d54ec2ea22847eb1c9bc4dde9b2dacfb.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: c89f102496d157011d6dcff368011b84d54ec2ea22847eb1c9bc4dde9b2dacfb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
motor
185.161.248.75:4132
auth_value: ec19ab9989a783983c5cbbc0e5ac4a5f
Extracted: redline
terra
185.161.248.75:4132
auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: c89f102496d157011d6dcff368011b84d54ec2ea22847eb1c9bc4dde9b2dacfb.exe
Size: 1.1MB
MD5: 42362864f5733b6b75470200cd91a013
SHA1: 58706bf1f9aab708b24a8887ea0059745f7e96fe
SHA256: c89f102496d157011d6dcff368011b84d54ec2ea22847eb1c9bc4dde9b2dacfb
SHA512: 57713fc3ec5421339a3b569d167109b34daecfb4fe478e3a9c7a1fe0212227f0085ef09b9a985c07406e5b8b6f242a41e7f7a971259df139b34226ee4f957a61
SSDEEP: 24576:SyDnfN8kD60UOOuHM8kUdzpDfNvvsn8FEt+iPT:5zVlDn5g8nVDFfSh
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext