General
Target: 2d839e807fc130cc84c9cd45fc50437d.bin
Size: 1.1MB
Sample: 230515-bk36sage3x
MD5: a3885fd0dc100b3494c6d04da0da586c
SHA1: 27689c41aebde9c4938e45d0e7b1189a02168d30
SHA256: eb31f6403a1c3a9db182a07ff329de83b762997e3799f57055d59c9b0dc6ef00
SHA512: ffdb3f252079bb40a27db20b9d5b0aa94fad313a6a3baaa96dcb0ce8f43000b215747fd6995db6f0567aa1d573b1e190e2bc39278b36f7c981a1c7c069fe4909
SSDEEP: 24576:lqH3wEHRKdch25V1EWCubFoJBYFypDiYSBWRiEnq97JRtzNVBy5r:MHAo+ch25V1EWBbF0BYFyRHS5j3thjIr

Static task: static1

Behavioral task: behavioral1
Sample: 5651cc4a142270f16a9c282e4b06073e960cf3e00896115cacd890dc2531d1d5.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 5651cc4a142270f16a9c282e4b06073e960cf3e00896115cacd890dc2531d1d5.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted
redline
luka
185.161.248.75:4132
auth_value: 44560bcd37d6bf076da309730fdb519a

Extracted
redline
terra
185.161.248.75:4132
auth_value: 60df3f535f8aa4e264f78041983592d2

Targets
Target: 5651cc4a142270f16a9c282e4b06073e960cf3e00896115cacd890dc2531d1d5.exe
Size: 1.1MB
MD5: 2d839e807fc130cc84c9cd45fc50437d
SHA1: a5c001ef2b176252d96deee16087102c8aeb89dc
SHA256: 5651cc4a142270f16a9c282e4b06073e960cf3e00896115cacd890dc2531d1d5
SHA512: 884cfea01099bccd0e22be79d1b4448b7eed39cf4c3871459943b7496c92541d6392edf56f5aed46f9bf8a933a382971f67d1b764c71842f4210a6b54d3c7017
SSDEEP: 24576:oyDUGiyNung9/GH4qn2DtmYWsVrHI/Cg34lSrhDu8:vDUxyY/H3n7s9HICu

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext