General
- Target: f599ee5486eafdd2324bab9d66c175d4bfacfba7926747af78ef672691dfa38b
- Size: 1.0MB
- Sample: 230519-a4ef4aec83
- MD5: 025436c747c741e938f851539038c449
- SHA1: 33d9a55bd70722afc69e40047e467d8ee4cc62ac
- SHA256: f599ee5486eafdd2324bab9d66c175d4bfacfba7926747af78ef672691dfa38b
- SHA512: d6ea09582d72cea48cef50b08bef0309ae6cde99f5b65ef2ab38870c43787917842896e02c997b6cc90b2b1779a39453f3e3d1a46b3f5da65a0270078a340eaf
- SSDEEP: 24576:0y0tl3UutaCevjheADl82SbiL1QYGfB4wmlg1Zlm6tTDEBi0:D0DUuJwe4C2CiL1EB6g1ZlvtTDE
Static task
- static1
Behavioral task
- behavioral1
- Sample: f599ee5486eafdd2324bab9d66c175d4bfacfba7926747af78ef672691dfa38b.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: dolz
- C2: 77.91.68.253:41783
- auth_value: 91a052e7685b96dcfc2defe95d9affb8
Targets
- Target: f599ee5486eafdd2324bab9d66c175d4bfacfba7926747af78ef672691dfa38b
- Size: 1.0MB
- MD5: 025436c747c741e938f851539038c449
- SHA1: 33d9a55bd70722afc69e40047e467d8ee4cc62ac
- SHA256: f599ee5486eafdd2324bab9d66c175d4bfacfba7926747af78ef672691dfa38b
- SHA512: d6ea09582d72cea48cef50b08bef0309ae6cde99f5b65ef2ab38870c43787917842896e02c997b6cc90b2b1779a39453f3e3d1a46b3f5da65a0270078a340eaf
- SSDEEP: 24576:0y0tl3UutaCevjheADl82SbiL1QYGfB4wmlg1Zlm6tTDEBi0:D0DUuJwe4C2CiL1EB6g1ZlvtTDE
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext