General
-
Target
cdf7b25b498e708f3d8f1100b740bb5eab55e6870ee239e3218a645d8a17f403.exe
-
Size
1.0MB
-
Sample
230518-regnlabb8w
-
MD5
a70ecc353c7d887786dedf7018c81b5a
-
SHA1
a4cc9a263bab80b680d651428e61076e1bf7e589
-
SHA256
cdf7b25b498e708f3d8f1100b740bb5eab55e6870ee239e3218a645d8a17f403
-
SHA512
55deaf4cc26b60e006f657d87ccf5971185cb4965d3f44c3ee2fae5bee492af59f29a446ec4e49c9e01fb1fbdede99f63f3c9f85058ee1190337cbd4c13130d4
-
SSDEEP
12288:6Mrfy90dfjcZ4gTNEpXmsMhFSWUMvkFlgW/KY3TBdXAwH0NaFu1ScGEmFtzzz48c:NyKv3IhFSsvElgkKY3Tfj0aST65zUf
Static task
static1
Behavioral task
behavioral1
Sample
cdf7b25b498e708f3d8f1100b740bb5eab55e6870ee239e3218a645d8a17f403.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cdf7b25b498e708f3d8f1100b740bb5eab55e6870ee239e3218a645d8a17f403.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
luna
77.91.68.253:4138
-
auth_value
16dec8addb01db1c11c59667022ef7a2
Targets
-
-
Target
cdf7b25b498e708f3d8f1100b740bb5eab55e6870ee239e3218a645d8a17f403.exe
-
Size
1.0MB
-
MD5
a70ecc353c7d887786dedf7018c81b5a
-
SHA1
a4cc9a263bab80b680d651428e61076e1bf7e589
-
SHA256
cdf7b25b498e708f3d8f1100b740bb5eab55e6870ee239e3218a645d8a17f403
-
SHA512
55deaf4cc26b60e006f657d87ccf5971185cb4965d3f44c3ee2fae5bee492af59f29a446ec4e49c9e01fb1fbdede99f63f3c9f85058ee1190337cbd4c13130d4
-
SSDEEP
12288:6Mrfy90dfjcZ4gTNEpXmsMhFSWUMvkFlgW/KY3TBdXAwH0NaFu1ScGEmFtzzz48c:NyKv3IhFSsvElgkKY3Tfj0aST65zUf
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-