General
Target: 4e3644b55b755286111e2fb43841ec335b005f88731b738940a968e53ba14d25
Size: 1.0MB
Sample: 230522-p4lmqsbc6t
MD5: a08e9c0f5ef78f5e273d8042930f1c45
SHA1: 3a778ffb377e4fb7e9941e7fe42c31d017b82ffb
SHA256: 4e3644b55b755286111e2fb43841ec335b005f88731b738940a968e53ba14d25
SHA512: 2048f5393e3023c8ff2d8d630b9a4b29cc2f8bbed093bb0872fa600c078b9bd1757b5839eebb2e8f671df9425828baf693dd8f36b6532b9c4f16d351b10c00b4
SSDEEP: 24576:0yNKTghlUnHbvnMNcVqnLro675HBTmN4psc:DagfcANcVyLM6/TmN4ps
Static task: static1
Behavioral task: behavioral1
Sample: 4e3644b55b755286111e2fb43841ec335b005f88731b738940a968e53ba14d25.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: mix
C2: 77.91.124.251:19065
auth_value: 5034ed53489733b1fbaf2777113a7d90
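The hashes in the General section and the C2 socket and auth_value in the extracted config are the actionable indicators from this report. The following is an added example, not part of the sandbox report or of any RedLine tooling, showing how a responder would turn them into checks: verifying a suspect file against all four digests, flagging flows to the C2 in firewall logs, and locating the auth_value in a memory dump. The firewall log format, the log lines and the memory-dump bytes are constructed for the example; the indicator values are copied from the report.

```python
import hashlib
import re

# Indicators copied from the report above (sample 230522-p4lmqsbc6t).
REPORT_HASHES = {
    "md5": "a08e9c0f5ef78f5e273d8042930f1c45",
    "sha1": "3a778ffb377e4fb7e9941e7fe42c31d017b82ffb",
    "sha256": "4e3644b55b755286111e2fb43841ec335b005f88731b738940a968e53ba14d25",
    "sha512": "2048f5393e3023c8ff2d8d630b9a4b29cc2f8bbed093bb0872fa600c078b9bd1"
              "757b5839eebb2e8f671df9425828baf693dd8f36b6532b9c4f16d351b10c00b4",
}
C2_HOST, C2_PORT = "77.91.124.251", 19065
AUTH_VALUE = "5034ed53489733b1fbaf2777113a7d90"


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report. All four should agree;
    a split result means a hash was copied wrongly, not that this is a variant."""
    got = digest_bytes(data)
    return {alg: got[alg] == want for alg, want in REPORT_HASHES.items()}


# Assumed firewall log format (constructed for this example; adapt the regex
# to your own source, e.g. Zeek conn.log or a proxy log).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) fw: action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def find_c2_connections(log_text: str) -> list:
    """Flag flows to the RedLine C2. An exact host:port hit is 'socket';
    traffic to the same host on another port is reported as 'host-only'
    (lower confidence: the address may also host unrelated services)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        confidence = "socket" if int(m["dport"]) == C2_PORT else "host-only"
        hits.append({"ts": m["ts"], "src": m["src"],
                     "action": m["action"], "confidence": confidence})
    return hits


def find_auth_value(blob: bytes) -> list:
    """Locate the extracted auth_value in a memory dump or unpacked payload.
    RedLine is .NET, so the string is normally held as UTF-16LE in memory;
    the ASCII form is checked as well in case the config is stored as bytes.
    Returns (offset, encoding) pairs."""
    found = []
    for enc in ("ascii", "utf-16-le"):
        needle = AUTH_VALUE.encode(enc)
        off = blob.find(needle)
        while off != -1:
            found.append((off, enc))
            off = blob.find(needle, off + 1)
    return found


# Constructed sample data so the script runs stand-alone.
SAMPLE_LOG = """\
2023-05-22T10:01:05Z fw: action=allow src=10.0.0.15 dst=142.250.74.78 dport=443
2023-05-22T10:01:09Z fw: action=allow src=10.0.0.15 dst=77.91.124.251 dport=19065
2023-05-22T10:01:12Z fw: action=allow src=10.0.0.23 dst=77.91.124.251 dport=443
2023-05-22T10:02:30Z fw: action=deny src=10.0.0.15 dst=77.91.124.251 dport=19065
"""
SAMPLE_DUMP = (b"\x00" * 16 + AUTH_VALUE.encode("utf-16-le")
               + b"\x00" * 8 + b"filler" + AUTH_VALUE.encode("ascii"))

if __name__ == "__main__":
    print(matches_report(b"not the sample"))
    for hit in find_c2_connections(SAMPLE_LOG):
        print(hit)
    print(find_auth_value(SAMPLE_DUMP))
```

Run against a real file, pass its bytes to matches_report; against a real log, pass the text to find_c2_connections after adjusting LOG_RE. The host-only tier exists because a blocked or changed C2 port is common, and a responder wants the lead without treating it as a confirmed infection.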
Targets
Target: 4e3644b55b755286111e2fb43841ec335b005f88731b738940a968e53ba14d25 (1.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: looks up the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), likely a geofence so the stealer does not run in excluded countries.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: persistence through a ...\Software\Microsoft\Windows\CurrentVersion\Run value, so the dropped executable is started at each logon.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext: the API a loader calls after writing a payload into a suspended child process to redirect its main thread to the injected entry point (process hollowing), so the RedLine payload runs inside another process image.