General
-
Target
e38ec9239bea09ce4a84d426453b5891c8e43915aaba05fe0e8df5545d8230a1
-
Size
1019KB
-
Sample
230523-21h4naaf81
-
MD5
09601a9f4aa6174d862b6ef3d8ba0282
-
SHA1
9aed77876e95f2c700303b4ec6651ad27d03e806
-
SHA256
e38ec9239bea09ce4a84d426453b5891c8e43915aaba05fe0e8df5545d8230a1
-
SHA512
22a779477d74bd8a6bc8ef91541d23b5dced479f9899e945b58302fcc29157c68b76112b997649d3ede6b079cac83ac680786f5dc774e3c3f64f993962c615f4
-
SSDEEP
24576:KypzD3eSXD4Qvz5iyUPn9S2M2WfEyCsypPSjRpgEu:R9DDXD5bUPAN2gHCssSjrz
Static task
static1
Behavioral task
behavioral1
Sample
e38ec9239bea09ce4a84d426453b5891c8e43915aaba05fe0e8df5545d8230a1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
lupa
83.97.73.122:19062
-
auth_value
6a764aa41830c77712442516d143bc9c
Targets
-
-
Target
e38ec9239bea09ce4a84d426453b5891c8e43915aaba05fe0e8df5545d8230a1
-
Size
1019KB
-
MD5
09601a9f4aa6174d862b6ef3d8ba0282
-
SHA1
9aed77876e95f2c700303b4ec6651ad27d03e806
-
SHA256
e38ec9239bea09ce4a84d426453b5891c8e43915aaba05fe0e8df5545d8230a1
-
SHA512
22a779477d74bd8a6bc8ef91541d23b5dced479f9899e945b58302fcc29157c68b76112b997649d3ede6b079cac83ac680786f5dc774e3c3f64f993962c615f4
-
SSDEEP
24576:KypzD3eSXD4Qvz5iyUPn9S2M2WfEyCsypPSjRpgEu:R9DDXD5bUPAN2gHCssSjrz
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-