General
- Target: 93e74b53aa96f0769f084d1716d3440c47d988bf0705b8ac5e456d163b4f1dcc
- Size: 1.1MB
- Sample: 230514-zsgvhsfg9v
- MD5: 6495f2c3eb36d9f72e13cadf99e350cd
- SHA1: dda0040d166bdea377cc6e3e962384490cc09181
- SHA256: 93e74b53aa96f0769f084d1716d3440c47d988bf0705b8ac5e456d163b4f1dcc
- SHA512: 4f12810a81a7ef665415be8dfe570a1802432d0a4e221d36bf38c600c16a6b9af037aa7ae6634478022eec6860d25aac24c86ec60de753638d54750eaaccc918
- SSDEEP: 24576:LysSAjUyYRBbyRNamISPWejhG7j7xMKo9FTBrEh:+IRQBWRNYKWXhO/E
Static task: static1
Behavioral task: behavioral1
- Sample: 93e74b53aa96f0769f084d1716d3440c47d988bf0705b8ac5e456d163b4f1dcc.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted (redline, linda):
- 185.161.248.75:4132
- auth_value: 21cdc21d041667b9c1679f88a1146770
Extracted (redline, horor):
- 185.161.248.75:4132
- auth_value: b8d506fe48db15c38fb031d07f42d529
Targets
- Target: 93e74b53aa96f0769f084d1716d3440c47d988bf0705b8ac5e456d163b4f1dcc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext