General
Target: e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde
Size: 1.1MB
Sample: 230514-y4kj4sfg3t
MD5: 3c64bdc89c6fc41944c044efbaa328cb
SHA1: 2fc9de34aa414bdcd3aae0cb249dc0f10b275c7b
SHA256: e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde
SHA512: 43c4753e00bcb986fdedbbf17391f50ee4d463637d5dac843cadd34ecd86ec71c2a5cdd8dc9c548a989e9e133a6e05015da927b93d60da7deafe8c5f1749b7b1
SSDEEP: 24576:Hy62vOnIuDzH3DFiFGGj2/Rn2rFBfGNliiQsUfmEZSQW:S94HhoGv/x2rFBfGNl7QsUfmeP
Static task: static1
Behavioral task: behavioral1
  Sample: e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde.exe
  Resource: win10-20230220-en
Behavioral task: behavioral3
  Sample: e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  Botnet: linda
  C2: 185.161.248.75:4132
  auth_value: 21cdc21d041667b9c1679f88a1146770
Extracted: redline
  Botnet: horor
  C2: 185.161.248.75:4132
  auth_value: b8d506fe48db15c38fb031d07f42d529
Two RedLine configurations were extracted: both report to the same C2 endpoint but carry different botnet IDs and auth values, so they are two separate builds bundled in the one 1.1MB sample.
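The extracted configuration is directly usable for hunting. The block below is an added example, not part of the sandbox report: it turns the two configs and the sample hashes into a small IOC set and runs it over constructed Sysmon-style network events and file-hash records (the log lines, file paths and the non-C2 addresses are made up for the example). Note that both builds share one C2, so the endpoint set collapses to a single (ip, port) pair, while the auth_value differs per build and is the better pivot when clustering related samples.

```python
"""IOC matching from the RedLine configs extracted above.

Added example (not report content). Inputs below are constructed: Sysmon
Event 3 records as JSON lines and a list of file-hash records as an EDR
might export them.
"""
import json

# Copied from the extracted configs above; field names are the report's.
REDLINE_CONFIGS = [
    {"family": "redline", "botnet": "linda", "c2": "185.161.248.75:4132",
     "auth_value": "21cdc21d041667b9c1679f88a1146770"},
    {"family": "redline", "botnet": "horor", "c2": "185.161.248.75:4132",
     "auth_value": "b8d506fe48db15c38fb031d07f42d529"},
]

SAMPLE_HASHES = {
    "md5": "3c64bdc89c6fc41944c044efbaa328cb",
    "sha1": "2fc9de34aa414bdcd3aae0cb249dc0f10b275c7b",
    "sha256": "e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde",
}


def c2_endpoints(configs):
    """Return the set of (ip, port) tuples named in the configs."""
    endpoints = set()
    for cfg in configs:
        host, _, port = cfg["c2"].rpartition(":")
        endpoints.add((host, int(port)))
    return endpoints


# Constructed Sysmon Event 3 (network connection) records, one JSON object per line.
# Raw string: "\\" in the JSON text decodes to one backslash.
SAMPLE_NETWORK_LOG = r"""
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe", "DestinationIp": "185.161.248.75", "DestinationPort": 4132}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.5", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "185.161.248.75", "DestinationPort": 80}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c whoami"}
"""


def match_network(log_text, endpoints, ip_only=False):
    """Return (Image, ip, port) for Event 3 records that reach a C2 endpoint.

    ip_only=True counts any port on a C2 address: wider (catches a panel that
    moved ports) but noisier if the address is shared hosting.
    """
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 3:
            continue
        ip, port = ev.get("DestinationIp"), int(ev.get("DestinationPort", 0))
        if (ip, port) in endpoints or (ip_only and ip in c2_ips):
            hits.append((ev["Image"], ip, port))
    return hits


# Constructed file-hash records; EDR exports often upper-case hashes, hence the
# case-insensitive comparison below.
SAMPLE_FILE_RECORDS = [
    {"path": r"C:\Users\user\Downloads\setup.exe",
     "sha256": "E17DD3190FC9CD9E9CC2A1D80F1479D062B60BA2B2B9CB2A8877019133FC2CDE"},
    {"path": r"C:\Windows\System32\notepad.exe",
     "sha256": "0000000000000000000000000000000000000000000000000000000000000000"},
]


def match_hashes(records, known=SAMPLE_HASHES):
    """Return (path, algorithm) for records whose hash equals a known sample hash."""
    known_lower = {algo: h.lower() for algo, h in known.items()}
    hits = []
    for rec in records:
        for algo, h in known_lower.items():
            if rec.get(algo, "").lower() == h:
                hits.append((rec["path"], algo))
                break
    return hits


if __name__ == "__main__":
    eps = c2_endpoints(REDLINE_CONFIGS)
    print("C2 endpoints:", eps)
    print("exact matches:", match_network(SAMPLE_NETWORK_LOG, eps))
    print("ip-only matches:", match_network(SAMPLE_NETWORK_LOG, eps, ip_only=True))
    print("hash matches:", match_hashes(SAMPLE_FILE_RECORDS))
```

The exact (ip, port) match flags only the dropped executable; the ip-only match also picks up the svchost.exe connection to port 80 on the same address, which is the trade-off to decide on before pushing the address into a blocklist.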
Targets
Target: e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde (size and MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
- RedLine: RedLine Stealer is a credential-stealing malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence via the CurrentVersion\Run registry key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.
- Suspicious use of SetThreadContext (commonly used to redirect a thread to injected code, as in process hollowing)
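Of the behaviours listed above, "Executes dropped EXE", "Loads dropped DLL" and "Adds Run key" leave traces in ordinary host telemetry; the Uninstall-key lookup is a registry read and SetThreadContext is an API call, neither of which Sysmon records, which is why those two only show up in a sandbox's API trace. The block below is an added example, not part of the report: it runs two checks over a constructed Sysmon-style event stream. Field names follow Sysmon (Event 11 FileCreate, Event 1 ProcessCreate, Event 7 ImageLoad, Event 13 RegistryValueSet); the event contents, paths and the list of user-writable directories used by the Run-key heuristic are assumptions for the example.

```python
"""Host-side checks for the dropped-file and Run-key behaviours flagged above.

Added example (not report content). SAMPLE_EVENTS is constructed; real
events would come from Sysmon/ETW in occurrence order.
"""
import re

# Matches the per-user (HKU/HKCU) and machine (HKLM) Run and RunOnce keys.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Directories an unprivileged user can write to (assumed list). A Run value
# pointing here is far more suspicious than one pointing into Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"

# Constructed event stream, in order of occurrence.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 1000,
     "Image": r"C:\Users\user\Desktop\e17dd3190fc9cd9e9cc2a1d80f1479d062b60ba2b2b9cb2a8877019133fc2cde.exe",
     "TargetFilename": DROPPED_EXE},
    {"EventID": 1, "ProcessId": 1200, "ParentProcessId": 1000, "Image": DROPPED_EXE},
    {"EventID": 11, "ProcessId": 1200, "Image": DROPPED_EXE, "TargetFilename": DROPPED_DLL},
    {"EventID": 7, "ProcessId": 1200, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "ProcessId": 1200, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": DROPPED_EXE},
    {"EventID": 13, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 1, "ProcessId": 1300, "ParentProcessId": 800, "Image": r"C:\Windows\System32\notepad.exe"},
]


def find_dropped_artifacts(events):
    """Pair a FileCreate (11) of an .exe/.dll with a later ProcessCreate (1) of
    that path or an ImageLoad (7) of it: the report's 'Executes dropped EXE'
    and 'Loads dropped DLL'. Paths are compared case-insensitively."""
    dropped = {}  # lowercased path -> pid that wrote it
    hits = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and ev["TargetFilename"].lower().endswith((".exe", ".dll")):
            dropped[ev["TargetFilename"].lower()] = ev["ProcessId"]
        elif eid == 1 and ev["Image"].lower() in dropped:
            hits.append({"kind": "exec", "dropper_pid": dropped[ev["Image"].lower()],
                         "pid": ev["ProcessId"], "path": ev["Image"]})
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            hits.append({"kind": "load", "dropper_pid": dropped[ev["ImageLoaded"].lower()],
                         "pid": ev["ProcessId"], "path": ev["ImageLoaded"]})
    return hits


def find_run_key_persistence(events, user_writable=USER_WRITABLE):
    """Return every RegistryValueSet (13) under a Run/RunOnce key, flagging
    values whose data points into a user-writable directory."""
    hits = []
    for ev in events:
        if ev["EventID"] != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        data = ev.get("Details", "").lower()
        hits.append({"pid": ev["ProcessId"], "key": ev["TargetObject"],
                     "value": ev.get("Details"),
                     "user_writable_target": any(p in data for p in user_writable)})
    return hits


if __name__ == "__main__":
    for h in find_dropped_artifacts(SAMPLE_EVENTS):
        print("dropped-then-used:", h)
    for h in find_run_key_persistence(SAMPLE_EVENTS):
        print("run key:", h)
```

The second Run-key event (svchost.exe registering a Program Files path) is returned but not flagged, which is the distinction a triage rule wants: Run-key writes are routine, Run-key writes that point at a freshly dropped file under AppData or Temp are not.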