General
-
Target
fbf6819b7141122eddcf91fb48733c3d5487e0fdc2d647202812f7d019d5b3d8.exe
-
Size
1.1MB
-
Sample
230514-xbkhzadb76
-
MD5
5b2a1300ea6656eb44cb58b35ee8788d
-
SHA1
0012c9c2223f6ad02e1e7591f31b2c4ad0ccea92
-
SHA256
fbf6819b7141122eddcf91fb48733c3d5487e0fdc2d647202812f7d019d5b3d8
-
SHA512
1112f021f2eed7658039a983eaeba61f2fea2be67fb0279d07f3bb76038b71be022dc8aae15bf5286db528e87d8a638e4e19f5cf9089b12586fa273e5a5ae785
-
SSDEEP
24576:dyaBgEGGauBbrj3kVnYoDsIZWf3h+RLGY:4ZEGMBbrQRsoy+VG
Static task
static1
Behavioral task
behavioral1
Sample
fbf6819b7141122eddcf91fb48733c3d5487e0fdc2d647202812f7d019d5b3d8.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fbf6819b7141122eddcf91fb48733c3d5487e0fdc2d647202812f7d019d5b3d8.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dogma
185.161.248.75:4132
-
auth_value
d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
fbf6819b7141122eddcf91fb48733c3d5487e0fdc2d647202812f7d019d5b3d8.exe
-
Size
1.1MB
-
MD5
5b2a1300ea6656eb44cb58b35ee8788d
-
SHA1
0012c9c2223f6ad02e1e7591f31b2c4ad0ccea92
-
SHA256
fbf6819b7141122eddcf91fb48733c3d5487e0fdc2d647202812f7d019d5b3d8
-
SHA512
1112f021f2eed7658039a983eaeba61f2fea2be67fb0279d07f3bb76038b71be022dc8aae15bf5286db528e87d8a638e4e19f5cf9089b12586fa273e5a5ae785
-
SSDEEP
24576:dyaBgEGGauBbrj3kVnYoDsIZWf3h+RLGY:4ZEGMBbrQRsoy+VG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-