General
Target: 79ad8b30e1585abaf4844bc0672a4c9df5098def854b7cdf42c57bc75eb834b3
Size: 1.1MB
Sample: 230514-z2dt8afh3y
MD5: 1253a4ea1a2122c4acc99228946d4f9c
SHA1: a3458d5fcf90d2423cc938341a03bfedbd33fbca
SHA256: 79ad8b30e1585abaf4844bc0672a4c9df5098def854b7cdf42c57bc75eb834b3
SHA512: d31e9bf8a82286b877324325d934bd0ce5c01f1153f467922ec9e381d2a5607e4abafb7eed3e2f5eb0b1296437e159897e494bac77bdca9b1b7770e68a8400a0
SSDEEP: 24576:pyW5KO6TV39M7B/8JrPNqq9bIPv/2hJ06EX960IMGfNQ/V7o1+sS6M:cWGTFC7g5FIPv/2hFEOMEm/
Static task: static1
Behavioral task: behavioral1
Sample: 79ad8b30e1585abaf4844bc0672a4c9df5098def854b7cdf42c57bc75eb834b3.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: linda
C2: 185.161.248.75:4132
auth_value: 21cdc21d041667b9c1679f88a1146770
Extracted
Family: redline
Botnet: horor
C2: 185.161.248.75:4132
auth_value: b8d506fe48db15c38fb031d07f42d529
Both extracted configs point at the same C2 endpoint; only the botnet name and auth_value differ, so the ip:port pair is the indicator to pivot on.
Targets
Target: 79ad8b30e1585abaf4844bc0672a4c9df5098def854b7cdf42c57bc75eb834b3
Size: 1.1MB
MD5: 1253a4ea1a2122c4acc99228946d4f9c
SHA1: a3458d5fcf90d2423cc938341a03bfedbd33fbca
SHA256: 79ad8b30e1585abaf4844bc0672a4c9df5098def854b7cdf42c57bc75eb834b3
SHA512: d31e9bf8a82286b877324325d934bd0ce5c01f1153f467922ec9e381d2a5607e4abafb7eed3e2f5eb0b1296437e159897e494bac77bdca9b1b7770e68a8400a0
SSDEEP: 24576:pyW5KO6TV39M7B/8JrPNqq9bIPv/2hJ06EX960IMGfNQ/V7o1+sS6M:cWGTFC7g5FIPv/2hFEOMEm/
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely used as a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: registry Run-key persistence.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext: SetThreadContext called on a thread of another process is the usual final step of process hollowing (create a suspended process, write the payload into it, point the thread's context at it, resume).
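The extracted config and the behavioural signatures above are the two parts of this report a responder pivots on. The following Python is an added example, not part of the sandbox report and not RedLine's own code: it turns the C2 ip:port pair and auth_values from the Malware Config section into a network and config matcher, turns four of the signatures into a host-event matcher, and runs both over constructed telemetry lines. The concrete registry keys (Geo\Nation, Uninstall, Run), the flow and event line formats, and the constructed log lines are assumptions; the report names the behaviours but not the exact keys or formats.

```python
"""Added example: turn this report's RedLine IOCs and behaviour signatures
into a small detector and run it over constructed telemetry. Not part of
the sandbox report; log formats and registry paths are assumptions."""
import re

# Network IOCs copied from the Malware Config section (both configs share
# the same C2 endpoint; only botnet name and auth_value differ).
REDLINE_C2 = {("185.161.248.75", 4132)}
REDLINE_C2_IPS = {ip for ip, _ in REDLINE_C2}
REDLINE_BOTNETS = {"linda", "horor"}
REDLINE_AUTH_VALUES = {
    "21cdc21d041667b9c1679f88a1146770",
    "b8d506fe48db15c38fb031d07f42d529",
}

# Host indicators behind the report's signatures. The concrete registry
# keys are an assumption about how each signature is usually triggered.
# The Run rule only fires on writes (RegSet*/RegCreate*); reading the key
# is not persistence.
HOST_RULES = [
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    ("Checks installed software on the system",
     re.compile(r"\\CurrentVersion\\Uninstall", re.I)),
    ("Adds Run key to start application",
     re.compile(r"Reg(Set|Create)\S*\s+\S*\\CurrentVersion\\Run\\", re.I)),
    ("Suspicious use of SetThreadContext",
     re.compile(r"\bSetThreadContext\b")),
]

FLOW_RE = re.compile(r"dst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def check_flows(lines):
    """Return (confidence, line) for flows touching the C2.

    An exact ip:port match is high confidence; the same IP on another
    port is reported at medium confidence, since the host may serve
    other tenants or the operator may rotate ports.
    """
    hits = []
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if (ip, port) in REDLINE_C2:
            hits.append(("high", line))
        elif ip in REDLINE_C2_IPS:
            hits.append(("medium", line))
    return hits


def check_host_events(lines):
    """Return (signature, line) for events matching a behaviour signature."""
    findings = []
    for line in lines:
        for name, pattern in HOST_RULES:
            if pattern.search(line):
                findings.append((name, line))
                break
    return findings


def config_overlap(config):
    """Names of the fields in another extracted config (dict with c2,
    botnet, auth_value) that overlap with the two configs in this report.
    A c2 or auth_value overlap is a strong link; the botnet name alone is
    weak, since operators reuse generic names."""
    ip, _, port = config["c2"].rpartition(":")
    overlap = []
    if port.isdigit() and (ip, int(port)) in REDLINE_C2:
        overlap.append("c2")
    if config.get("auth_value") in REDLINE_AUTH_VALUES:
        overlap.append("auth_value")
    if config.get("botnet") in REDLINE_BOTNETS:
        overlap.append("botnet")
    return overlap


# Constructed telemetry (not from the sandbox run).
FLOWS = [
    "2023-05-14T12:00:01Z tcp src=10.0.0.5:49812 dst=185.161.248.75:4132 bytes=2048",
    "2023-05-14T12:00:02Z tcp src=10.0.0.5:49813 dst=93.184.216.34:443 bytes=512",
    "2023-05-14T12:00:03Z tcp src=10.0.0.7:50001 dst=185.161.248.75:80 bytes=300",
]
EVENTS = [
    r"RegQueryValue HKCU\Control Panel\International\Geo\Nation",
    r"RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    r"SetThreadContext target_pid=4120",
    r"CreateFile C:\Users\user\AppData\Local\Temp\a.tmp",
]

if __name__ == "__main__":
    for conf, line in check_flows(FLOWS):
        print(f"[net:{conf}] {line}")
    for sig, line in check_host_events(EVENTS):
        print(f"[host] {sig}: {line}")
```

Run against the constructed lines, the flow matcher reports the exact C2 hit as high confidence and the port-80 connection to the same IP as medium, and the host matcher fires on the Geo, Uninstall, Run-key write and SetThreadContext events while ignoring the Run-key read and the temp-file write. The auth_value set is what links a freshly extracted config from another sample back to this one even if the operator moves the C2.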