General
-
Target
d74c5658f36f2ed2a08b963ab83d5a95031bd9e1baec48ee398a84af0f0eda7d.exe
-
Size
1.1MB
-
Sample
230514-w79x3ach75
-
MD5
63f9775afd221d9b162a8bf2a2df665c
-
SHA1
59acb0064d24eed2fdf34eb8c629b112dad30f67
-
SHA256
d74c5658f36f2ed2a08b963ab83d5a95031bd9e1baec48ee398a84af0f0eda7d
-
SHA512
973abf0ca021d8a17d8499c138f921e0689fe10089ba2d7a4561ab0af871fae4d3116f29aba3601124f21263e67421be831ddee40d402904ffd782fe3c4bf862
-
SSDEEP
24576:wyaOeVa6Pf7cA1xT0SLV4WZrhKvN/k8fXZ4Ve4qe/0pw8O8YHxc:3kLf7cA1FvLVTJhKvN86p4Ve4qespwjH
Static task
static1
Behavioral task
behavioral1
Sample
d74c5658f36f2ed2a08b963ab83d5a95031bd9e1baec48ee398a84af0f0eda7d.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d74c5658f36f2ed2a08b963ab83d5a95031bd9e1baec48ee398a84af0f0eda7d.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
messi
185.161.248.75:4132
-
auth_value
b602b28664bb738e322d37baab91db28
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
d74c5658f36f2ed2a08b963ab83d5a95031bd9e1baec48ee398a84af0f0eda7d.exe
-
Size
1.1MB
-
MD5
63f9775afd221d9b162a8bf2a2df665c
-
SHA1
59acb0064d24eed2fdf34eb8c629b112dad30f67
-
SHA256
d74c5658f36f2ed2a08b963ab83d5a95031bd9e1baec48ee398a84af0f0eda7d
-
SHA512
973abf0ca021d8a17d8499c138f921e0689fe10089ba2d7a4561ab0af871fae4d3116f29aba3601124f21263e67421be831ddee40d402904ffd782fe3c4bf862
-
SSDEEP
24576:wyaOeVa6Pf7cA1xT0SLV4WZrhKvN/k8fXZ4Ve4qe/0pw8O8YHxc:3kLf7cA1FvLVTJhKvN86p4Ve4qespwjH
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-