General
- Target: f9e5d60acf80dca74e9218efc2d0bbffd332bd78cd9b99d2cb95aaaed0e23e04
- Size: 1.0MB
- Sample: 230526-2bzp4shg9t
- MD5: f271d8bd82c548b193596709859a1882
- SHA1: 03d5c8a3fe9c139a05d27a6fa13707b62498672b
- SHA256: f9e5d60acf80dca74e9218efc2d0bbffd332bd78cd9b99d2cb95aaaed0e23e04
- SHA512: 25d08ebf8d39420333aed443905957f2e08d19812b261f537e10fbf52a4b0649cb33f25af20b00c493fddd611d595a4299ede0bc0f647434e6f3fb781a057ffa
- SSDEEP: 24576:1yU2P91Ak1oOE5gVbBvLyYmAVR5koaDqWTDsinQL:Q71b1g5KNpPSNDqWTwGQ

Static task
- static1

Behavioral task
- behavioral1
  - Sample: f9e5d60acf80dca74e9218efc2d0bbffd332bd78cd9b99d2cb95aaaed0e23e04.exe
  - Resource: win7-20230220-en
- behavioral2
  - Sample: f9e5d60acf80dca74e9218efc2d0bbffd332bd78cd9b99d2cb95aaaed0e23e04.exe
  - Resource: win10-20230220-en

Malware Config
- Extracted: redline
  - duxa
  - 77.91.68.157:19065
  - auth_value: 953a331341f07583fec00af44e01ec7d
- Extracted: redline
  - disa
  - 83.97.73.122:19062
  - auth_value: 93f8c4ca7000e3381dd4b6b86434de05
- Extracted: redline
  - goga
  - 83.97.73.122:19062
  - auth_value: 6d57dff6d3c42dddb8a76dc276b8467f

Targets
- Target: f9e5d60acf80dca74e9218efc2d0bbffd332bd78cd9b99d2cb95aaaed0e23e04
- Size: 1.0MB
- MD5: f271d8bd82c548b193596709859a1882
- SHA1: 03d5c8a3fe9c139a05d27a6fa13707b62498672b
- SHA256: f9e5d60acf80dca74e9218efc2d0bbffd332bd78cd9b99d2cb95aaaed0e23e04
- SHA512: 25d08ebf8d39420333aed443905957f2e08d19812b261f537e10fbf52a4b0649cb33f25af20b00c493fddd611d595a4299ede0bc0f647434e6f3fb781a057ffa
- SSDEEP: 24576:1yU2P91Ak1oOE5gVbBvLyYmAVR5koaDqWTDsinQL:Q71b1g5KNpPSNDqWTwGQ

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext