General
Target: 04689499.exe
Size: 1.0MB
Sample: 230525-plagrahh73
MD5: f1d3250ac495982f5e086d3ea12df519
SHA1: 63c0bf154a983b933c9b3eb05cfe77ce06381814
SHA256: a09efd143bb41d9fb82ba479ecdc3b45d3f76d32716f49bd14fc8b5f7afeb82a
SHA512: aa709c87df784a0abde0c927baf1f60e7f8eb65027b0bb7f1635f63900b7e6859d79b5e47314e65128a56441f561a8fca8f96ae829095df0d29535367197ae0a
SSDEEP: 24576:PymsdIAOUPoGgJtVtfEcT6Rn9bKJEkZc0vfs2/7Ki:anIA1PjcaRn9gEkZ52
Static task: static1
Behavioral task: behavioral1 (Sample: 04689499.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: 04689499.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: redline
  dina
  83.97.73.122:19062
  auth_value: 4f77073adc624269de1bff760b9bc471
Extracted: redline
  fash
  83.97.73.122:19062
  auth_value: dd7165bcd22b0ed3df426d944e12f136
Targets
Target: 04689499.exe
Size: 1.0MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext