General
- Target: b0ed957f0f5d4154b043483dc79ebf3321cbfae115d30b11d2d37c1b5e3d9a16
- Size: 984KB
- Sample: 230522-trhgrscb8z
- MD5: 4043443cd64cc9a2c5a382d2eec9caa4
- SHA1: 63243a147653323b21bc5aa4d976f832987db691
- SHA256: ad865e7524759669049e1b417939632abe2efec668b039549ad84c7cb478db93
- SHA512: b7f8b12bc39b6af6c374b39a1890e2c8bc4bd8dbb1c81ae2ea62ca699220c78ef2c6924a760e45b817a54e77b03bc64e40963ecf602ee5e3071b511fc258a8ae
- SSDEEP: 24576:z8iJjpy1g/bT3dc/fcv94Ppszz7iSQPXmj7Lok+Q7:1cmDTuDInWmLD+S
Static task: static1
Behavioral task: behavioral1
- Sample: b0ed957f0f5d4154b043483dc79ebf3321cbfae115d30b11d2d37c1b5e3d9a16.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: b0ed957f0f5d4154b043483dc79ebf3321cbfae115d30b11d2d37c1b5e3d9a16.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- mix
- 77.91.124.251:19065
- auth_value: 5034ed53489733b1fbaf2777113a7d90
Targets
- Target: b0ed957f0f5d4154b043483dc79ebf3321cbfae115d30b11d2d37c1b5e3d9a16
- Size: 1.0MB
- MD5: e35926e6474dd8f456cfd5a5a31122eb
- SHA1: 5b5c6c133d6ebb1bc6290d930ad0c79fc28d8faa
- SHA256: b0ed957f0f5d4154b043483dc79ebf3321cbfae115d30b11d2d37c1b5e3d9a16
- SHA512: 6f436ef8173406f04555c4708f9370fac5e32ddbb63d575657754fa56724bd9043cb4ec5f5231718a66032092d186682751900f5d002f603fd9958b24757a4b2
- SSDEEP: 24576:by+k/bT3XcRdcvjgPR0ilOUQqmcT3ISAB:OpzT8vJxmcTY7
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext