General

Target: 9cf59d521e44419451c720dc8c282e826b2a36480508e02da718e58196b4e0e9
Size: 1.0MB
Sample: 230522-t5eb9scb61
MD5: 2c1ce8b8a9d2565ee3ed753fe3590d0b
SHA1: 767fa5644641b9803088f6c9f61db6e97d5beff9
SHA256: 9cf59d521e44419451c720dc8c282e826b2a36480508e02da718e58196b4e0e9
SHA512: 9df9f0d9168d3b05f92d22bd73e5a4b3f57bc11f2229e0d7a40b606d62ce6b772d016a83e3e056e06d04c63c8946aeee0e6c1a0d48a5aabb9d460a17f92fe437
SSDEEP: 24576:rysuE3LXfQsYsmMvMhzreWM18Ds4yxkCZfK7wL9DvQ29/K4:emMlhzreb8Ds4yxFZicer
Static task: static1
Behavioral task: behavioral1
Sample: 9cf59d521e44419451c720dc8c282e826b2a36480508e02da718e58196b4e0e9.exe
Resource: win10v2004-20230220-en

Malware Config

Extracted: redline (dix)
C2: 77.91.124.251:19065
auth_value: 9b544b3d9c88af32e2f5bf8705f9a2fb
Targets

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext (commonly a step in process hollowing or thread-hijacking injection)
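The signatures above and the C2 endpoint from the extracted config, turned into hunting logic. This is an added example, not part of the sandbox report and not RedLine or vendor code: it replays a constructed, simplified process trace (the event field names, pids and file paths are assumptions, not a real Triage or Sysmon export; the Geo\Nation registry value is assumed to be the "country code" the report refers to) and maps each event onto one of the report's findings, then emits a Suricata rule for the extracted C2 host and port.

```python
"""Map a process trace onto the findings in this report.

Added example: not the sandbox report's own tooling and not RedLine code.
It replays a constructed, simplified event trace (field names are
assumptions, not a real Triage/Sysmon export) and flags the behaviours the
report lists, using the C2 endpoint taken from the extracted config.
"""
import re

# Indicators copied from the report's "Malware Config" block.
C2_HOST = "77.91.124.251"
C2_PORT = 19065

# Registry paths behind the report's signatures. RunOnce is covered with Run.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Assumption: the "country code configured in the registry" is the user's
# Geo\Nation value; the report does not name the exact key it saw.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)

# Constructed trace (not captured from the sandbox run). pid 1000 is the
# sample; it drops and launches stage2.exe as pid 1400.
TRACE = [
    {"id": 1, "pid": 1000, "op": "reg_query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 2, "pid": 1000, "op": "reg_query",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABCD}\DisplayName"},
    {"id": 3, "pid": 1000, "op": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"id": 4, "pid": 1000, "op": "file_write", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"id": 5, "pid": 1000, "op": "proc_create", "path": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe",
     "child_pid": 1400},
    {"id": 6, "pid": 1000, "op": "api_call", "api": "SetThreadContext", "target_pid": 1400},
    {"id": 7, "pid": 1400, "op": "image_load", "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"id": 8, "pid": 1400, "op": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"},
    {"id": 9, "pid": 1400, "op": "net_connect", "dst": "77.91.124.251", "dport": 19065},
    {"id": 10, "pid": 1400, "op": "net_connect", "dst": "20.190.160.3", "dport": 443},   # unrelated noise
    {"id": 11, "pid": 1400, "op": "image_load", "path": r"C:\Windows\System32\ntdll.dll"},  # not a dropped file
    {"id": 12, "pid": 4242, "op": "net_connect", "dst": "77.91.124.251", "dport": 19065},  # outside the sample's tree
]


def hunt(trace, root_pid):
    """Return {finding: [event ids]} for events inside root_pid's process tree.

    Files written by the tree are remembered so that a later proc_create or
    image_load of the same path counts as executing/loading a dropped file.
    """
    tree = {root_pid}
    dropped = set()
    hits = {}

    def add(name, ev):
        hits.setdefault(name, []).append(ev["id"])

    for ev in trace:
        if ev["pid"] not in tree:
            continue  # event 12 above: same C2, but not this sample's doing
        op, path = ev["op"], ev.get("path", "").lower()
        if op == "file_write":
            dropped.add(path)
        elif op == "proc_create":
            tree.add(ev["child_pid"])
            if path in dropped:
                add("executes_dropped_exe", ev)
        elif op == "image_load" and path in dropped:
            add("loads_dropped_dll", ev)
        elif op == "reg_set" and RUN_KEY.search(path):
            add("adds_run_key", ev)
        elif op == "reg_query" and UNINSTALL_KEY.search(path):
            add("checks_installed_software", ev)
        elif op == "reg_query" and GEO_NATION.search(path):
            add("checks_location_settings", ev)
        elif op == "api_call" and ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            # Cross-process SetThreadContext redirects another process's thread
            # into injected code; this is the hollowing/hijacking step.
            add("suspicious_setthreadcontext", ev)
        elif op == "net_connect" and (ev["dst"], ev["dport"]) == (C2_HOST, C2_PORT):
            add("redline_c2_connect", ev)
    return hits


def suricata_rule(sid):
    """Network-side indicator for the extracted C2 endpoint, as a Suricata rule."""
    return (f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
            f'(msg:"RedLine C2 {C2_HOST}:{C2_PORT}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for finding, ids in sorted(hunt(TRACE, 1000).items()):
        print(f"{finding:28s} events {ids}")
    print(suricata_rule(9000001))
```

Two of the report's signatures (the Uninstall-key and country-code lookups) are registry reads. A sandbox sees them through API hooking, but Sysmon only records key creation, value sets, deletes and renames, so on a production endpoint those two findings need an EDR with registry-read telemetry; the Run-key write, the dropped-file execution and the C2 connection are the parts this logic can reproduce from ordinary event logs.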