General
- Target: e5a423ef32be55b9f547b0231bd974d8d359b45b023851aa6ecc0c64ed3c44cc
- Size: 1.1MB
- Sample: 230515-zg3ylsfg7y
- MD5: 249b689b923497f2acdfe4f8a8e797f4
- SHA1: cdc404948e25c74b546ce64322bfad2f16d4667c
- SHA256: e5a423ef32be55b9f547b0231bd974d8d359b45b023851aa6ecc0c64ed3c44cc
- SHA512: 65c0f61764d9d0975ac5e78324b3aeafeba6df062445561e1fa03ee500fda90952553c1cf3f52aef8dceee17c0cb83662d2fe724e8cb44e6b2674a9f459b8da0
- SSDEEP: 24576:MyiRYW9t8fr6ncIB/S+M9hDY03umkzKT9mLM4AzjIjjzRqtA5Acpp:7iiWzdncwib5oK+EUHRMA5Ac
Static task: static1
Behavioral task: behavioral1
Sample: e5a423ef32be55b9f547b0231bd974d8d359b45b023851aa6ecc0c64ed3c44cc.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- laza
- 185.161.248.25:4132
- auth_value: d7ccb2ab31ec12673b18474ab15e1a38
Extracted: redline
- sister
- 185.161.248.25:4132
- auth_value: 61021810f83e6d5e6ff303aaac03c0e1
Targets
- Target: e5a423ef32be55b9f547b0231bd974d8d359b45b023851aa6ecc0c64ed3c44cc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext