General

Target: 41f6fa0bcb7ebbf71ba9f7bad407648e.bin
Size: 1.1MB
Sample: 230516-bgnlxshd4x
MD5: 82c1e8557ad137cbba02ef23c5d8c573
SHA1: 9bb35dbd6551a2d90de0b49883c2731047474cb1
SHA256: 752561e30da0f1810e511d4a3267144072a8bd7cdc32ab0bbe700fefb3e3c605
SHA512: 58b95b7400332a362819d01627de5e2d1702c5f0363f3e896f9d1e73e33f8024897e0e7fc84bdb0c44019aa648f70a9ca8f3f0433aaafa4f8cdc7577a6374607
SSDEEP: 24576:mVT4DwSLvE4TNYOby8EJFJMF2X7SjnqEnIvKzw:m8hvFNYObqSY7MnqWU1
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: ff6f9e2634dbeeeaded817e008e7dbe487c316a7546093de3fee20dfbc21b4bf.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: ff6f9e2634dbeeeaded817e008e7dbe487c316a7546093de3fee20dfbc21b4bf.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  Botnet: luka
  C2: 185.161.248.75:4132
  auth_value: 44560bcd37d6bf076da309730fdb519a
Extracted: redline
  Botnet: terra
  C2: 185.161.248.75:4132
  auth_value: 60df3f535f8aa4e264f78041983592d2

Both extracted configs point at the same C2 endpoint (185.161.248.75, TCP port 4132) and differ only in botnet name and auth_value, so a single network indicator covers this sample; the auth_value is the per-build token the bot presents to the C2 and is useful for clustering samples, not for matching traffic.
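As an added example (not part of the report, and not Tria.ge or RedLine code), the script below turns the two extracted configs into a deduplicated C2 indicator and matches it against connection-log lines. The log lines, their format, and all function names are constructed assumptions; the config values are the ones listed above.

```python
"""Build network IOCs from the extracted RedLine configs and match them
against connection logs.  Added example; not the report's own tooling."""
import ipaddress
import re
from dataclasses import dataclass

# The two configs exactly as the report lists them (family, botnet, C2, auth_value).
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "luka", "c2": "185.161.248.75:4132",
     "auth_value": "44560bcd37d6bf076da309730fdb519a"},
    {"family": "redline", "botnet": "terra", "c2": "185.161.248.75:4132",
     "auth_value": "60df3f535f8aa4e264f78041983592d2"},
]


@dataclass(frozen=True)
class C2Indicator:
    ip: str
    port: int
    botnets: tuple  # botnet names that share this endpoint


def build_indicators(configs):
    """Collapse configs that share an ip:port into one indicator.

    auth_value is deliberately not an indicator: it is sent inside the
    RedLine protocol, so it only helps when clustering samples, not when
    matching flow logs.
    """
    by_endpoint = {}
    for cfg in configs:
        host, port = cfg["c2"].rsplit(":", 1)
        ipaddress.ip_address(host)  # raises if the C2 were a hostname instead of an IP
        by_endpoint.setdefault((host, int(port)), []).append(cfg["botnet"])
    return [C2Indicator(ip, port, tuple(sorted(names)))
            for (ip, port), names in by_endpoint.items()]


# Constructed flow-log lines (assumed format: "<ts> src=ip:port dst=ip:port ...").
SAMPLE_CONN_LOG = """\
2023-05-16T10:41:02Z src=10.0.0.23:49812 dst=185.161.248.75:4132 proto=tcp bytes=2310
2023-05-16T10:41:05Z src=10.0.0.23:49813 dst=185.161.248.75:443 proto=tcp bytes=120
2023-05-16T10:41:07Z src=10.0.0.40:51000 dst=93.184.216.34:443 proto=tcp bytes=5400
2023-05-16T10:42:11Z src=10.0.0.23:49820 dst=185.161.248.75:4132 proto=tcp bytes=98012
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+)")


def match_connections(log_text, indicators, ip_only=False):
    """Return (ts, src_ip, dst_port, botnets, confidence) for each matching line.

    Exact ip:port matches are tagged "c2-port".  With ip_only=True, traffic to
    the C2 address on any other port is also reported, tagged "c2-ip", which
    catches operators moving the listener port at the cost of more noise.
    """
    exact = {(i.ip, i.port): i.botnets for i in indicators}
    by_ip = {i.ip: i.botnets for i in indicators}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        dip, dport = m["dip"], int(m["dport"])
        if (dip, dport) in exact:
            hits.append((m["ts"], m["sip"], dport, exact[(dip, dport)], "c2-port"))
        elif ip_only and dip in by_ip:
            hits.append((m["ts"], m["sip"], dport, by_ip[dip], "c2-ip"))
    return hits


if __name__ == "__main__":
    for hit in match_connections(SAMPLE_CONN_LOG, build_indicators(EXTRACTED_CONFIGS), ip_only=True):
        print(hit)
```

Against the constructed log, the exact match reports the two port-4132 connections from 10.0.0.23; the ip-only mode additionally flags the port-443 connection to the same address with lower confidence.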
Targets

Target: ff6f9e2634dbeeeaded817e008e7dbe487c316a7546093de3fee20dfbc21b4bf.exe
Size: 1.1MB
MD5: 41f6fa0bcb7ebbf71ba9f7bad407648e
SHA1: c9947b3e67322b76afcc8a533fb481d73ae61b1c
SHA256: ff6f9e2634dbeeeaded817e008e7dbe487c316a7546093de3fee20dfbc21b4bf
SHA512: 2d414a953c012b57c5e4cc38fc862d7540e2da472957d69e9d55b7c1a760f8b105e4c49bfaf8c11641fa6fe858d989284b3fe30b612350fb6152caf5e707f906
SSDEEP: 24576:byYK08jGLtsa5+k8WXxRYb04Qg43+F5yzmqRHtRk6g5w:OYBsatv5L1x14UiumYHIv5

Note that these hashes describe the analyzed executable, not the submitted file: the .bin under General has a different MD5/SHA1/SHA256, and its filename is this executable's MD5. When sharing indicators, use the hashes of the executable actually detonated.
Signatures

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: no description is given in the report; SetThreadContext rewrites the register state of a thread, typically a suspended one, and is the API used by process-hollowing style injection to redirect execution into written-in code.
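The signatures above are derived from runtime events. As an added example (not Tria.ge's signature engine and not code from the report), the script below re-derives the same signature names from a constructed process/registry/API event trace, then rolls the hits up to the root process the way a sandbox attributes child behaviour to the submitted sample. The event shape, the specific registry paths used for "country code" (HKCU\Control Panel\International\Geo\Nation and \Locale), the file paths, and the function names are assumptions.

```python
"""Re-derive the report's behavioural signatures from an event trace.
Added example; event format and registry paths are assumptions."""
import re
from collections import defaultdict

# Assumed registry locations for the "country code" lookup (compared lower-cased).
LOCALE_KEYS = {
    r"hkcu\control panel\international\geo\nation",
    r"hkcu\control panel\international\locale",
}
# Installed-software enumeration reads the Uninstall key or its subkeys.
UNINSTALL_RE = re.compile(r"\\microsoft\\windows\\currentversion\\uninstall(\\|$)")
# Persistence via a value under Run or RunOnce (either hive).
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\")

# Constructed trace: pid 1 is the sample, pid 2 a dropped second stage, pid 7 unrelated.
SAMPLE_EVENTS = [
    {"pid": 1, "op": "FileWrite", "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe"},
    {"pid": 1, "op": "ProcessCreate", "path": r"C:\Users\u\AppData\Local\Temp\stage2.exe", "child_pid": 2},
    {"pid": 2, "op": "FileWrite", "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"pid": 2, "op": "ImageLoad", "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"pid": 2, "op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 2, "op": "RegEnumKey", "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 2, "op": "RegSetValue", "path": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 2, "op": "ProcessCreate", "path": r"C:\Windows\System32\notepad.exe", "child_pid": 3},
    {"pid": 2, "op": "ApiCall", "api": "SetThreadContext", "target_pid": 3},
    {"pid": 7, "op": "ImageLoad", "path": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 7, "op": "RegQueryValue", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"},
]


def evaluate(events):
    """Map each pid to the sorted list of report-style signature names it triggered."""
    dropped = set()            # files written during the run, i.e. "dropped"
    hits = defaultdict(set)
    for ev in events:
        pid, op = ev["pid"], ev["op"]
        path = ev.get("path", "").lower()
        if op == "FileWrite":
            dropped.add(path)
        elif op == "ProcessCreate" and path in dropped:
            hits[pid].add("Executes dropped EXE")
        elif op == "ImageLoad" and path in dropped:
            hits[pid].add("Loads dropped DLL")
        elif op in ("RegQueryValue", "RegOpenKey") and path in LOCALE_KEYS:
            hits[pid].add("Checks computer location settings")
        elif op in ("RegEnumKey", "RegOpenKey") and UNINSTALL_RE.search(path):
            hits[pid].add("Checks installed software on the system")
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            hits[pid].add("Adds Run key to start application")
        elif (op == "ApiCall" and ev.get("api") == "SetThreadContext"
              and ev.get("target_pid", pid) != pid):
            # Only cross-process use is flagged; a process touching its own
            # threads (debuggers, runtimes) is common and benign.
            hits[pid].add("Suspicious use of SetThreadContext")
    return {pid: sorted(names) for pid, names in hits.items()}


def rollup_to_roots(events, hits):
    """Attribute every child's hits to the root of its process tree."""
    parent = {ev["child_pid"]: ev["pid"] for ev in events if ev["op"] == "ProcessCreate"}

    def root(pid):
        seen = set()
        while pid in parent and pid not in seen:   # 'seen' guards against cyclic data
            seen.add(pid)
            pid = parent[pid]
        return pid

    merged = defaultdict(set)
    for pid, names in hits.items():
        merged[root(pid)].update(names)
    return {pid: sorted(names) for pid, names in merged.items()}


if __name__ == "__main__":
    per_pid = evaluate(SAMPLE_EVENTS)
    for pid, names in sorted(rollup_to_roots(SAMPLE_EVENTS, per_pid).items()):
        print(pid, names)
```

On the constructed trace, pid 1 alone only earns "Executes dropped EXE"; the other five signatures fire in the dropped second stage, and the roll-up assigns all six to pid 1, which is how a report on the submitted sample ends up listing behaviour that its children performed.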