General
Target: 8f691a045fa489404880439dd6d44221.bin
Size: 1.1MB
Sample: 230515-b1zhjagf2x
MD5: e7ed76cae76ba5b0039d6a8d8af207d4
SHA1: 4b5bdf351dc9046164ba309e77fb9aa77c96628f
SHA256: 4023dbb03db6840a5495a07e7560a44d8182ca6195123f182329a9b0cc460229
SHA512: 3a9f2592aeff81fe77a94b6d6abaf0a7e488d50655b612b3c0ccef0d2767a9296436abbba27fa04056485e6ce91746aac17dec34924bd6438f2641d003b019f2
SSDEEP: 24576:iY5sFBD8J3jah8sKUT9+tNIPdsOyX5+dFTtEkyuXX2p1R43:iY5sn03jahFKUgtNIPkXkpXsS
Static task: static1
Behavioral task: behavioral1
  Sample: c195813c98544ae1cd059056f1bc2ac6f58506704648011dce21095db25f7c47.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: c195813c98544ae1cd059056f1bc2ac6f58506704648011dce21095db25f7c47.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  motor
  185.161.248.75:4132
  auth_value: ec19ab9989a783983c5cbbc0e5ac4a5f
Extracted: redline
  terra
  185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2
Targets
Target: c195813c98544ae1cd059056f1bc2ac6f58506704648011dce21095db25f7c47.exe
Size: 1.1MB
MD5: 8f691a045fa489404880439dd6d44221
SHA1: 152d5a5a3a1a36a118510e7e570270eadf448c0e
SHA256: c195813c98544ae1cd059056f1bc2ac6f58506704648011dce21095db25f7c47
SHA512: cf897996af44538b978a56af9865e2e53fb06041067eb8c032bc5d74ab8f76f9b56873b6e20ba20cca72bfb1870047559a9380465a9baa5656ffbbd426a48c04
SSDEEP: 24576:nyR9QiO+l6KnAJrbqkKH7a5B+1hrjQF85yqJGrFEVpSWl58di7YC:yR9Q+lZARbqxH7a5B+1hfQF859kpEVt6
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
Suspicious use of SetThreadContext