General
-
Target
90a30c27722e3c2555ee1c0c658368e09893fa6929f035b2fc8635945bb76173
-
Size
916KB
-
Sample
230524-h8x31abh7y
-
MD5
209657e40c6bb7d471916a6623b3302f
-
SHA1
5c1c4afe4dfd1173fa14ffe9938bf133e9c2147d
-
SHA256
90a30c27722e3c2555ee1c0c658368e09893fa6929f035b2fc8635945bb76173
-
SHA512
ac86844b13d772dc4056cb8957c980368e3816971b9c735d80caf68b598e7e91420d25e9a4e27a8701f7311a25137bc8831baec2dc876c035f8d98181ccad8d0
-
SSDEEP
24576:1yYIMAa/fezR4RmiqXEZVKxxMmoDqGu+Ln53:Q9IXMORmFXEnKx+mg/L5
Static task
static1
Behavioral task
behavioral1
Sample
90a30c27722e3c2555ee1c0c658368e09893fa6929f035b2fc8635945bb76173.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
lupa
83.97.73.122:19062
-
auth_value
6a764aa41830c77712442516d143bc9c
Targets
-
-
Target
90a30c27722e3c2555ee1c0c658368e09893fa6929f035b2fc8635945bb76173
-
Size
916KB
-
MD5
209657e40c6bb7d471916a6623b3302f
-
SHA1
5c1c4afe4dfd1173fa14ffe9938bf133e9c2147d
-
SHA256
90a30c27722e3c2555ee1c0c658368e09893fa6929f035b2fc8635945bb76173
-
SHA512
ac86844b13d772dc4056cb8957c980368e3816971b9c735d80caf68b598e7e91420d25e9a4e27a8701f7311a25137bc8831baec2dc876c035f8d98181ccad8d0
-
SSDEEP
24576:1yYIMAa/fezR4RmiqXEZVKxxMmoDqGu+Ln53:Q9IXMORmFXEnKx+mg/L5
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-