General
- Target: fab7e5c90e2dd8d44fc261d63cb90f4a58edd3fb6f8b65331c1fc74c53b93508.exe
- Size: 1.1MB
- Sample: 230514-xa7bcafc81
- MD5: f06883f1ccfd008fd75c52f6e372720e
- SHA1: 5c317a6dbf1593a46ccdfad46e857c034b135f74
- SHA256: fab7e5c90e2dd8d44fc261d63cb90f4a58edd3fb6f8b65331c1fc74c53b93508
- SHA512: 6193d08745c05f5f1d2842c0253c25d3a3ba2a9aab7b9c0a8b4e302b13d2645b2c9e6663a5603f2b48f425c5f7f5f962cdc21db409c292d2a972a070e050499e
- SSDEEP: 24576:vyXwwNEWX9zmDV44JVJ8pWCuKlDxVlZgVHbT17HBO/zPmp:6Xwodyn/unlZSH1kz
Static task: static1
Behavioral task: behavioral1
- Sample: fab7e5c90e2dd8d44fc261d63cb90f4a58edd3fb6f8b65331c1fc74c53b93508.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: fab7e5c90e2dd8d44fc261d63cb90f4a58edd3fb6f8b65331c1fc74c53b93508.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- dogma
- 185.161.248.75:4132
- auth_value: d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted: redline
- terra
- 185.161.248.75:4132
- auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
- Target: fab7e5c90e2dd8d44fc261d63cb90f4a58edd3fb6f8b65331c1fc74c53b93508.exe
- Size: 1.1MB
- MD5: f06883f1ccfd008fd75c52f6e372720e
- SHA1: 5c317a6dbf1593a46ccdfad46e857c034b135f74
- SHA256: fab7e5c90e2dd8d44fc261d63cb90f4a58edd3fb6f8b65331c1fc74c53b93508
- SHA512: 6193d08745c05f5f1d2842c0253c25d3a3ba2a9aab7b9c0a8b4e302b13d2645b2c9e6663a5603f2b48f425c5f7f5f962cdc21db409c292d2a972a070e050499e
- SSDEEP: 24576:vyXwwNEWX9zmDV44JVJ8pWCuKlDxVlZgVHbT17HBO/zPmp:6Xwodyn/unlZSH1kz
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext