General

Target: 82b45e0166a7c63eeb6208005d3518ba0d543ac14792271d08a9ab4c9b58d06b
Size: 1.0MB
Sample: 230522-sqvj9sbh6x
MD5: b178d3254503c893806e89033172396c
SHA1: 288663cb91b328da88044ecc8ca2b6ac91af5cd8
SHA256: 82b45e0166a7c63eeb6208005d3518ba0d543ac14792271d08a9ab4c9b58d06b
SHA512: d67283de6a5216a5dbe770ba28d7d6df692597f834968d147f53522d345dc69eadb9a316426718f2ed30a9fb455f3e3c3b756098246c7c2a0f2c0065ccd28eb5
SSDEEP: 24576:4ybQLEYseAsh+iNaKi8bF79N/mphBxwdOhDOFn6WML:/sEYlp+1KigF7DmpdwdVJM
Static task: static1
Behavioral task: behavioral1
Sample: 82b45e0166a7c63eeb6208005d3518ba0d543ac14792271d08a9ab4c9b58d06b.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted family: redline
dix
77.91.124.251:19065
auth_value: 9b544b3d9c88af32e2f5bf8705f9a2fb
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext