General
Target: game329.exe
Size: 1.0MB
Sample: 230521-m2afkshf22
MD5: 93a840f72b285d9d277c8d9f83f453a6
SHA1: 8db24b9550db96ccae599f9a7d2d3db7ee5e8934
SHA256: f4b937ca01d2977a86ca85f41b70e6d56eb21e7379dc41403a21a50dfd59c858
SHA512: 880848926e406ffd34c89e6dec5fc37a189c6049eceb67c3126232c780477482e327159748376f8f501ae89fc2aef71c71248a8161745753a0c65a2573e6a6dd
SSDEEP: 24576:gySGer1lLFwtaDOxbWzq7RqFaU3ICLMM0jVbkP6Z2ls/+NX:nSGer1lJkaDOIzq7RqgU3l+M6Z2lsk
Static task: static1
Behavioral task: behavioral1
  Sample: game329.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: game329.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: diza
C2: 185.161.248.37:4138
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: game329.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext