General
-
Target
f35289be27eeb70e3ebd8346b268ee029c267d8578cfd8094e854f6aec904b62.exe
-
Size
1.1MB
-
Sample
230514-xa3cdsdb42
-
MD5
5bb28ab2c9ce275bce2c8185073a1201
-
SHA1
ee4fa76fc59b671d01969904df7ab11aa1a82b6c
-
SHA256
f35289be27eeb70e3ebd8346b268ee029c267d8578cfd8094e854f6aec904b62
-
SHA512
8e2b8da6a906db55bb28f33ca57b8e53aae5dade81f85df8809b2b553674326693cc609f79df54a3248c4b718db10f86f5fdca0da456b833a9d58159088ea4f8
-
SSDEEP
24576:MypbYFN2bOOWk5uPdWjruwBjtOMJsH9oaUotJg:7Z4NMOOW+UdWjrpZk9gob
Static task
static1
Behavioral task
behavioral1
Sample
f35289be27eeb70e3ebd8346b268ee029c267d8578cfd8094e854f6aec904b62.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f35289be27eeb70e3ebd8346b268ee029c267d8578cfd8094e854f6aec904b62.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
derek
185.161.248.75:4132
-
auth_value
c7030724b2b40537db5ba680b1d82ed2
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
f35289be27eeb70e3ebd8346b268ee029c267d8578cfd8094e854f6aec904b62.exe
-
Size
1.1MB
-
MD5
5bb28ab2c9ce275bce2c8185073a1201
-
SHA1
ee4fa76fc59b671d01969904df7ab11aa1a82b6c
-
SHA256
f35289be27eeb70e3ebd8346b268ee029c267d8578cfd8094e854f6aec904b62
-
SHA512
8e2b8da6a906db55bb28f33ca57b8e53aae5dade81f85df8809b2b553674326693cc609f79df54a3248c4b718db10f86f5fdca0da456b833a9d58159088ea4f8
-
SSDEEP
24576:MypbYFN2bOOWk5uPdWjruwBjtOMJsH9oaUotJg:7Z4NMOOW+UdWjrpZk9gob
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-