General
Target: ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3.exe
Size: 1.1MB
Sample: 230514-xaa8xada87
MD5: 447a338423d960598c962bc2357462be
SHA1: c560a6d6a1219eb2a564f511b9f94f10bfe9680e
SHA256: ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3
SHA512: b638942c843013a8e6a0c9db0555e75b84b4c3e176cd9e05c76050cabd8f96fedd883a1b58bbe80e2bdd8027983f93f30d5e40097ebff15da33cf6ecd98e4dc1
SSDEEP: 24576:fyk2+ZmJUs8Bg3Bn42XAQLrvkVxVBlRRw0:qfumJUBgx8QPsVxVBlR
Static task: static1
Behavioral task: behavioral1
  Sample: ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  luka
  185.161.248.75:4132
  auth_value: 44560bcd37d6bf076da309730fdb519a
Extracted: redline
  terra
  185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3.exe
Size: 1.1MB
MD5: 447a338423d960598c962bc2357462be
SHA1: c560a6d6a1219eb2a564f511b9f94f10bfe9680e
SHA256: ec2d066e99962a25f3db7a6f839c5bab2b090889be6f30406bad596e0eddbff3
SHA512: b638942c843013a8e6a0c9db0555e75b84b4c3e176cd9e05c76050cabd8f96fedd883a1b58bbe80e2bdd8027983f93f30d5e40097ebff15da33cf6ecd98e4dc1
SSDEEP: 24576:fyk2+ZmJUs8Bg3Bn42XAQLrvkVxVBlRRw0:qfumJUBgx8QPsVxVBlR
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext