General
-
Target
fd23e97ad2b792a26e1e7c5a48a098b2ba00c12e8e6e662722be794feeedd3be.exe
-
Size
1.1MB
-
Sample
230514-xbktqsdb78
-
MD5
75b644e2f47823965505f3791db7046d
-
SHA1
aa10b6cae76ad49689aee6b331a5b431e2019a58
-
SHA256
fd23e97ad2b792a26e1e7c5a48a098b2ba00c12e8e6e662722be794feeedd3be
-
SHA512
a1a60f781f8393b8cdeb0ef3c168d081566dfa5f67affd63835940dc9bcb5c014ccc375e81998fefbe2c0df04a319d490eaaace0e7d661fcc9c9d21c871bbc61
-
SSDEEP
24576:Ky15QghUQSn0y++gPEp2yyAK+/wXYoutnuFsQmGTjt:R15ZUQSn0Ms9yyH+KKuuQzTj
Static task
static1
Behavioral task
behavioral1
Sample
fd23e97ad2b792a26e1e7c5a48a098b2ba00c12e8e6e662722be794feeedd3be.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
fd23e97ad2b792a26e1e7c5a48a098b2ba00c12e8e6e662722be794feeedd3be.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
larry
185.161.248.75:4132
-
auth_value
9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
fd23e97ad2b792a26e1e7c5a48a098b2ba00c12e8e6e662722be794feeedd3be.exe
-
Size
1.1MB
-
MD5
75b644e2f47823965505f3791db7046d
-
SHA1
aa10b6cae76ad49689aee6b331a5b431e2019a58
-
SHA256
fd23e97ad2b792a26e1e7c5a48a098b2ba00c12e8e6e662722be794feeedd3be
-
SHA512
a1a60f781f8393b8cdeb0ef3c168d081566dfa5f67affd63835940dc9bcb5c014ccc375e81998fefbe2c0df04a319d490eaaace0e7d661fcc9c9d21c871bbc61
-
SSDEEP
24576:Ky15QghUQSn0y++gPEp2yyAK+/wXYoutnuFsQmGTjt:R15ZUQSn0Ms9yyH+KKuuQzTj
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-