General
Target: f2360d86438d486d292b61394b10ec6fb4859889a2a52a0f6648bf904415687c.exe
Size: 1.1MB
Sample: 230514-xa22mafc61
MD5: 163983aa00cbc582b1c006fd6602e166
SHA1: e89e261e22821bee05fcde2aaa4982888ad09e74
SHA256: f2360d86438d486d292b61394b10ec6fb4859889a2a52a0f6648bf904415687c
SHA512: a72dad4cb95029f02d5b34375b0b506a51bfdde8b608c956df3ea318ef6bd8865e85474500b1cc5c2bbfaf5abae8c2e57b8a9ed18cfd85d4d73347d9977f871f
SSDEEP: 24576:By9cXkUOZUw8fk/1loN3ELeSz0074g3EC26s3I9I:0aTcUrkNloZE6b074pC2VI9
Static task: static1
Behavioral task: behavioral1
  Sample: f2360d86438d486d292b61394b10ec6fb4859889a2a52a0f6648bf904415687c.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: f2360d86438d486d292b61394b10ec6fb4859889a2a52a0f6648bf904415687c.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  motor
  185.161.248.75:4132
  auth_value: ec19ab9989a783983c5cbbc0e5ac4a5f
Extracted: redline
  terra
  185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: f2360d86438d486d292b61394b10ec6fb4859889a2a52a0f6648bf904415687c.exe (1.1MB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext