General
Target: 11343a4658ee2da815f2698ae2a1edc6d8d1dc6674383f754eb4c40a3ee589cf
Size: 1.0MB
Sample: 230520-tza3naga2z
MD5: 2a7ece8a008c33e24c284db95555ffa2
SHA1: d39cf4b3310365e54ec0a593a622cf530fcbffee
SHA256: 11343a4658ee2da815f2698ae2a1edc6d8d1dc6674383f754eb4c40a3ee589cf
SHA512: 1fe33e1d71e4704d4a749d76de06b811bff08fb906bd6873dacc615d10be536df4944364181b75912501b596c0e80cd782873331350e526dfa9d94d0838f29e9
SSDEEP: 24576:Lyf+RrJwaAGm067uYXHvVR7gktTXr2LYwYZLPzTDlc5Wi:+mrA06n3HRF6vYZLbTD+

Static task: static1
Behavioral task: behavioral1
Sample: 11343a4658ee2da815f2698ae2a1edc6d8d1dc6674383f754eb4c40a3ee589cf.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted
redline
deren
77.91.68.253:19065
auth_value: 04a169f1fb198bfbeca74d0e06ea2d54
Targets
Target: 11343a4658ee2da815f2698ae2a1edc6d8d1dc6674383f754eb4c40a3ee589cf
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext