General
Target: 135257fe458194d7d210a195226d01604562ea055730d6971c5da87e89c1d0fb.exe
Size: 1.0MB
Sample: 230522-w5pt4scg31
MD5: 58cfee6b230bea3aa08289550f453c8e
SHA1: 0f6d48e44aeffb790aed267115cbbd4a651ae650
SHA256: 135257fe458194d7d210a195226d01604562ea055730d6971c5da87e89c1d0fb
SHA512: 29d77a3e23932f188dd17ae21ec70c3bae55d8584931f2271255a09ed929cc536c704dace5344762729d2e6afc59af73488e8d8b6cc04f8aced3d88a43e9c465
SSDEEP: 24576:ZyCeCcsPM0lhQZVjo3IJmi7AxdJM5wpoYe6B:MCeCcykXmUmi7AxduPYe6
Static task: static1
Behavioral task: behavioral1
Sample: 135257fe458194d7d210a195226d01604562ea055730d6971c5da87e89c1d0fb.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 135257fe458194d7d210a195226d01604562ea055730d6971c5da87e89c1d0fb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
dix
77.91.124.251:19065
auth_value: 9b544b3d9c88af32e2f5bf8705f9a2fb
Targets
Target: 135257fe458194d7d210a195226d01604562ea055730d6971c5da87e89c1d0fb.exe
Size: 1.0MB
MD5: 58cfee6b230bea3aa08289550f453c8e
SHA1: 0f6d48e44aeffb790aed267115cbbd4a651ae650
SHA256: 135257fe458194d7d210a195226d01604562ea055730d6971c5da87e89c1d0fb
SHA512: 29d77a3e23932f188dd17ae21ec70c3bae55d8584931f2271255a09ed929cc536c704dace5344762729d2e6afc59af73488e8d8b6cc04f8aced3d88a43e9c465
SSDEEP: 24576:ZyCeCcsPM0lhQZVjo3IJmi7AxdJM5wpoYe6B:MCeCcykXmUmi7AxduPYe6

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
RedLine payload
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext