General
-
Target
f2a344483e0d55214184fa60ad1faf6d955e6b8b86fc030327fc0247b95c325c.exe
-
Size
1.1MB
-
Sample
230514-xa22madb34
-
MD5
44b7f4e8b852d89c101a7d3e0606bb08
-
SHA1
77a718a672f7d1787048bf17c3ad031ece6cc098
-
SHA256
f2a344483e0d55214184fa60ad1faf6d955e6b8b86fc030327fc0247b95c325c
-
SHA512
8d04a40af4f4b035f4e3f93ecba4f3be19c60aae767ed90715d5a8f6fb725e2d4d3688f47290b0741a0e261b1135ea6738ebc7a223f90aa9153f557e37821f39
-
SSDEEP
24576:7y4BVAyBElkpv/3IAuBE5afICju2NyvJzBsPM4uSxAIWTRkt+9:u4TyWpv/YAaNfPZNyRzBsPzxaTR
Static task
static1
Behavioral task
behavioral1
Sample
f2a344483e0d55214184fa60ad1faf6d955e6b8b86fc030327fc0247b95c325c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f2a344483e0d55214184fa60ad1faf6d955e6b8b86fc030327fc0247b95c325c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
derek
185.161.248.75:4132
-
auth_value
c7030724b2b40537db5ba680b1d82ed2
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
f2a344483e0d55214184fa60ad1faf6d955e6b8b86fc030327fc0247b95c325c.exe
-
Size
1.1MB
-
MD5
44b7f4e8b852d89c101a7d3e0606bb08
-
SHA1
77a718a672f7d1787048bf17c3ad031ece6cc098
-
SHA256
f2a344483e0d55214184fa60ad1faf6d955e6b8b86fc030327fc0247b95c325c
-
SHA512
8d04a40af4f4b035f4e3f93ecba4f3be19c60aae767ed90715d5a8f6fb725e2d4d3688f47290b0741a0e261b1135ea6738ebc7a223f90aa9153f557e37821f39
-
SSDEEP
24576:7y4BVAyBElkpv/3IAuBE5afICju2NyvJzBsPM4uSxAIWTRkt+9:u4TyWpv/YAaNfPZNyRzBsPzxaTR
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-