General

Target: daf60a5bcab1649d22f424e0bc41b0a4d9cbd444c42ceab6f129883d32e4a675.exe
Size: 1.1MB
Sample: 230514-w8qktafb7t
MD5: 239f9de8a3fae44b6bfe4c31b59b05e4
SHA1: 1bb7338ca10047a6cd242be59a6d27796c1816db
SHA256: daf60a5bcab1649d22f424e0bc41b0a4d9cbd444c42ceab6f129883d32e4a675
SHA512: 82f48c75bbe0cc79203218e76677cbcd1f459c7e9c1a6c882aab2d4dd4afc9c9ffae54bc7563c211b959cc90a8309a4bbaec95db06e37993819805a2896ae9eb
SSDEEP: 24576:1y2coo1nqFNHm4ubkwE8RN+sqG/O96OMOVghuglXf6Juua:QvomnQHGC8f7W/ghuAPd
Static task: static1

Behavioral task: behavioral1
  Sample: daf60a5bcab1649d22f424e0bc41b0a4d9cbd444c42ceab6f129883d32e4a675.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: daf60a5bcab1649d22f424e0bc41b0a4d9cbd444c42ceab6f129883d32e4a675.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  derek
  185.161.248.75:4132
  auth_value: c7030724b2b40537db5ba680b1d82ed2

Extracted: redline
  warum
  185.161.248.75:4132
  auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets

Target: daf60a5bcab1649d22f424e0bc41b0a4d9cbd444c42ceab6f129883d32e4a675.exe
Size: 1.1MB
MD5: 239f9de8a3fae44b6bfe4c31b59b05e4
SHA1: 1bb7338ca10047a6cd242be59a6d27796c1816db
SHA256: daf60a5bcab1649d22f424e0bc41b0a4d9cbd444c42ceab6f129883d32e4a675
SHA512: 82f48c75bbe0cc79203218e76677cbcd1f459c7e9c1a6c882aab2d4dd4afc9c9ffae54bc7563c211b959cc90a8309a4bbaec95db06e37993819805a2896ae9eb
SSDEEP: 24576:1y2coo1nqFNHm4ubkwE8RN+sqG/O96OMOVghuglXf6Juua:QvomnQHGC8f7W/ghuAPd

Signatures:
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext