General
Target: bb7136898cb45455cd1a3c1ab8b5e24902b74003d7c08fd0caebd4da495ebca9
Size: 763KB
Sample: 230526-m2rd4afb38
MD5: cff448c28fb36c840d2850c55efeece3
SHA1: 8ea6189c12fde79af32a90f912bd0e9c6ec29e6d
SHA256: bb7136898cb45455cd1a3c1ab8b5e24902b74003d7c08fd0caebd4da495ebca9
SHA512: 00555f3ab2f0d28249631f1adffe7538b252e749e56265ff6e3f78b31ea1ea0d05d50835782e1e1896b950adb440c7c7e5d25dba6d70f572faea73ea0d26b688
SSDEEP: 12288:zMrAy90TGuJH2BHFiFm6tl0Ca/GtgGRPlqGBEISb650II4dvDmdQLBTE1M:DyGGG2b60lGKG+gSb6O94xDmdUEM
Static task: static1
Behavioral task: behavioral1
Sample: bb7136898cb45455cd1a3c1ab8b5e24902b74003d7c08fd0caebd4da495ebca9.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
Botnet: disa
C2: 83.97.73.122:19062
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Extracted: redline
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
Target: bb7136898cb45455cd1a3c1ab8b5e24902b74003d7c08fd0caebd4da495ebca9
Size: 763KB
MD5: cff448c28fb36c840d2850c55efeece3
SHA1: 8ea6189c12fde79af32a90f912bd0e9c6ec29e6d
SHA256: bb7136898cb45455cd1a3c1ab8b5e24902b74003d7c08fd0caebd4da495ebca9
SHA512: 00555f3ab2f0d28249631f1adffe7538b252e749e56265ff6e3f78b31ea1ea0d05d50835782e1e1896b950adb440c7c7e5d25dba6d70f572faea73ea0d26b688
SSDEEP: 12288:zMrAy90TGuJH2BHFiFm6tl0Ca/GtgGRPlqGBEISb650II4dvDmdQLBTE1M:DyGGG2b60lGKG+gSb6O94xDmdUEM

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext