General
-
Target
d2ab4d02cd30a0c4311ffda8d3df94ff77fe9881c9b6e5f5cb9a6731055f2fb7.exe
-
Size
1.1MB
-
Sample
230514-w78d8sfb41
-
MD5
ce24b3613fe644440104aea2c01df609
-
SHA1
3f21ab36809c076e9636eeec589f6c042dffb950
-
SHA256
d2ab4d02cd30a0c4311ffda8d3df94ff77fe9881c9b6e5f5cb9a6731055f2fb7
-
SHA512
af776d7783472b4b3109cfc07b1c66bccef2e20a3bdb47ffcf54a58a0e6e907ad5e2347fd0c394b83c9464ca3ea2a806de43ab5e26477c0e009536cb51803aa4
-
SSDEEP
24576:GyAROTAT/bfG7atUiML0fp5qL+8qVYN8SpkmBnaK5:VhATeaK70hAqVY5naK
Static task
static1
Behavioral task
behavioral1
Sample
d2ab4d02cd30a0c4311ffda8d3df94ff77fe9881c9b6e5f5cb9a6731055f2fb7.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d2ab4d02cd30a0c4311ffda8d3df94ff77fe9881c9b6e5f5cb9a6731055f2fb7.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dogma
185.161.248.75:4132
-
auth_value
d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
d2ab4d02cd30a0c4311ffda8d3df94ff77fe9881c9b6e5f5cb9a6731055f2fb7.exe
-
Size
1.1MB
-
MD5
ce24b3613fe644440104aea2c01df609
-
SHA1
3f21ab36809c076e9636eeec589f6c042dffb950
-
SHA256
d2ab4d02cd30a0c4311ffda8d3df94ff77fe9881c9b6e5f5cb9a6731055f2fb7
-
SHA512
af776d7783472b4b3109cfc07b1c66bccef2e20a3bdb47ffcf54a58a0e6e907ad5e2347fd0c394b83c9464ca3ea2a806de43ab5e26477c0e009536cb51803aa4
-
SSDEEP
24576:GyAROTAT/bfG7atUiML0fp5qL+8qVYN8SpkmBnaK5:VhATeaK70hAqVY5naK
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-