General
- Target: 7f11f2c102a1c64fb436848798ea197f329184bc57a3df9bbac3fc9946ac9119
- Size: 764KB
- Sample: 230526-m2qgssfb37
- MD5: ccc7dac3849f43b2c07e4af0fcccc117
- SHA1: 34a05422f122603965af917564da4e485491920e
- SHA256: 7f11f2c102a1c64fb436848798ea197f329184bc57a3df9bbac3fc9946ac9119
- SHA512: 22aebf2ecb97b74df26dfacaea05c14d18f1101666aa389ff27d14a7b5ad2253332cc38665e1cf19a4bcc29bd0992e8e70dfc5919ee23a8a7f310a86c8f0f125
- SSDEEP: 12288:6MrFy90hyILZ8RbWmT797awtm3yziN+lyW5Nf/Vd+sn8xUmKb9rmp4dVxmd8LBj8:vyQyoyRbWmTp7awMsiUlyWLnV4oTza4+
Static task: static1
Behavioral task: behavioral1
- Sample: 7f11f2c102a1c64fb436848798ea197f329184bc57a3df9bbac3fc9946ac9119.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
  - misa
  - 83.97.73.122:19062
  - auth_value: 9e79529a6bdb4962f44d12b0d6d62d32
- Extracted: redline
  - goga
  - 83.97.73.122:19062
  - auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext