General
- Target: f0e194c2dc0bb9300aaf1f5db1d671ee425fe8900f822c3eae3a3cb5721fd2ba.exe
- Size: 1.1MB
- Sample: 230514-xae7vsfc6y
- MD5: 67100b258e5aef5536ba532ba11eb244
- SHA1: 76bdedf89a0b271c3df2c675a52d9fae04663c59
- SHA256: f0e194c2dc0bb9300aaf1f5db1d671ee425fe8900f822c3eae3a3cb5721fd2ba
- SHA512: 14580d39ecbc0cb8d344a21be77f87d63b5717484e8d664d5184b5655521c708e2d3a7a71f2cd63000e3634bd136f77e7d63045a647f730b1a9cdefdef074bfa
- SSDEEP: 24576:pyDL9SEZ6Q5Uvo03lZwhbRcNQ/pqZ4r7HMtYmdezj8SvEZy8c:cDLYYFgD3lCh+6YZ4X8YmdeP8m8
Static task: static1
Behavioral task: behavioral1
- Sample: f0e194c2dc0bb9300aaf1f5db1d671ee425fe8900f822c3eae3a3cb5721fd2ba.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: f0e194c2dc0bb9300aaf1f5db1d671ee425fe8900f822c3eae3a3cb5721fd2ba.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted (family: redline)
- Botnet: dogma
- C2: 185.161.248.75:4132
- auth_value: d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted (family: redline)
- Botnet: terra
- C2: 185.161.248.75:4132
- auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
- Target: f0e194c2dc0bb9300aaf1f5db1d671ee425fe8900f822c3eae3a3cb5721fd2ba.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext