General
-
Target
1f82d8215ce77f3f82b98bff653f05bb063437c6c8aab08285044c916ef32e92
-
Size
1021KB
-
Sample
230521-fbqljsah21
-
MD5
85c738b7cd0240ae958d83c89af77822
-
SHA1
84e4acb965f74022c52ec61590b83e9115302014
-
SHA256
1f82d8215ce77f3f82b98bff653f05bb063437c6c8aab08285044c916ef32e92
-
SHA512
fc0a2533676d8a46a6009f88f55133df5aee74294b99eb55e3b6501faa4fe718332e5b14032ab0f543604723a62318aff26c65ce2a59c45aa0c413fe79b8b748
-
SSDEEP
24576:rywXWKpqsd8qTRFa0njZgIguAZmU90rsu:eTKksd8qlUGmzhh04
Static task
static1
Behavioral task
behavioral1
Sample
1f82d8215ce77f3f82b98bff653f05bb063437c6c8aab08285044c916ef32e92.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
luza
185.161.248.37:4138
-
auth_value
1261701914d508e02e8b4f25d38bc7f9
Targets
-
-
Target
1f82d8215ce77f3f82b98bff653f05bb063437c6c8aab08285044c916ef32e92
-
Size
1021KB
-
MD5
85c738b7cd0240ae958d83c89af77822
-
SHA1
84e4acb965f74022c52ec61590b83e9115302014
-
SHA256
1f82d8215ce77f3f82b98bff653f05bb063437c6c8aab08285044c916ef32e92
-
SHA512
fc0a2533676d8a46a6009f88f55133df5aee74294b99eb55e3b6501faa4fe718332e5b14032ab0f543604723a62318aff26c65ce2a59c45aa0c413fe79b8b748
-
SSDEEP
24576:rywXWKpqsd8qTRFa0njZgIguAZmU90rsu:eTKksd8qlUGmzhh04
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-