General
- Target: c8a414d439f5c449d194cc64370e1b07a2358f83059b0f33b8baf9189a45a9a2
- Size: 1.0MB
- Sample: 230519-2cz29sgf64
- MD5: 00f34f518189f0eb4f61acecada137e1
- SHA1: cd2e9f98ed92c6d6c7a2932689e7713ec92f0ea3
- SHA256: c8a414d439f5c449d194cc64370e1b07a2358f83059b0f33b8baf9189a45a9a2
- SHA512: dab6ca230afe4df91b55d13470c2e594f6c488d4a50384e54e81047bedcc5844697c91269db6b231c4417ff4db3d7cd3d19a588d9580ce9d0cdc75b6453c9aa1
- SSDEEP: 24576:GymFJcqmAGmO6mCttYgNc6TAWl2LbTCCHO:VmFJcDiO6bttFPTAKCbTCK
Static task
- static1

Behavioral task
- behavioral1
- Sample: c8a414d439f5c449d194cc64370e1b07a2358f83059b0f33b8baf9189a45a9a2.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
- meren
- 77.91.68.253:19065
- auth_value: a26557b435e44b55fdd4708fbba97d21
Targets
- Target: c8a414d439f5c449d194cc64370e1b07a2358f83059b0f33b8baf9189a45a9a2
- Size: 1.0MB
- MD5: 00f34f518189f0eb4f61acecada137e1
- SHA1: cd2e9f98ed92c6d6c7a2932689e7713ec92f0ea3
- SHA256: c8a414d439f5c449d194cc64370e1b07a2358f83059b0f33b8baf9189a45a9a2
- SHA512: dab6ca230afe4df91b55d13470c2e594f6c488d4a50384e54e81047bedcc5844697c91269db6b231c4417ff4db3d7cd3d19a588d9580ce9d0cdc75b6453c9aa1
- SSDEEP: 24576:GymFJcqmAGmO6mCttYgNc6TAWl2LbTCCHO:VmFJcDiO6bttFPTAKCbTCK
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext