General
Target: f8c6d11cbb589827f97c9a7f57b1b7f514f9ad7746fe89fa69b8f3c4d3868210.exe
Size: 1.1MB
Sample: 230514-xa46zsfc8y
MD5: ca4d9dcfd84400a97ce826298dfd5f84
SHA1: e5d20a8a1a2e130f86b0a4e92c811e3c0ddb5125
SHA256: f8c6d11cbb589827f97c9a7f57b1b7f514f9ad7746fe89fa69b8f3c4d3868210
SHA512: b016de9cd31847319ff58684d3b2fcd4220d8fc2ad5724835cee12ab043afdb3385abf928f73abba5b0954b45b7238f0fe568ee1bec668648afe6fc6e3a638d6
SSDEEP: 24576:DyzzA9MXA1HW1TmiftOpw0EBA2KvWH/4cEG8p:WkMQVWzMngA2KOHwcB8
Static task: static1
Behavioral task: behavioral1
  Sample: f8c6d11cbb589827f97c9a7f57b1b7f514f9ad7746fe89fa69b8f3c4d3868210.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: f8c6d11cbb589827f97c9a7f57b1b7f514f9ad7746fe89fa69b8f3c4d3868210.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  derek
  185.161.248.75:4132
  auth_value: c7030724b2b40537db5ba680b1d82ed2
Extracted: redline
  warum
  185.161.248.75:4132
  auth_value: 0bdb2dda91dadc65f555dee088a6a2a4
Targets
Target: f8c6d11cbb589827f97c9a7f57b1b7f514f9ad7746fe89fa69b8f3c4d3868210.exe
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext