General
Target: da001378fabef8421c89bf648c9729ac6ec8fe5a4dcf6d4255928ec997385008.exe
Size: 1.1MB
Sample: 230514-w8p92sch96
MD5: 29d7e45b43ec1d43ebb98fac13c15c4a
SHA1: c53bb9b748fe8ea407a255af188a9fd982e1a19f
SHA256: da001378fabef8421c89bf648c9729ac6ec8fe5a4dcf6d4255928ec997385008
SHA512: d49760088fcc7a26bec83168cfc2fb1a90ce7816ce10b196c2792c79687381ea54a56bcc915a67edd99ddba0697d77f95828c01926b2704e2278d204432d2d92
SSDEEP: 24576:hyL6F3AoLQUim3RSibOoRL7DjUDzabP4zqzodPy0Z1fTvx5+56:UL6VA41im3R7I24Guy0fF5+
Static task: static1
Behavioral task: behavioral1
Sample: da001378fabef8421c89bf648c9729ac6ec8fe5a4dcf6d4255928ec997385008.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: da001378fabef8421c89bf648c9729ac6ec8fe5a4dcf6d4255928ec997385008.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
larry
185.161.248.75:4132
auth_value: 9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
redline
warum
185.161.248.75:4132
auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
Target: da001378fabef8421c89bf648c9729ac6ec8fe5a4dcf6d4255928ec997385008.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext