General
-
Target
e39dc6db871afa2ba69a05eb7b7c2ea09747c0fda51ea02f4970a697abe819ec
-
Size
764KB
-
Sample
230526-m4sd6sff4s
-
MD5
4658ba34fdc58eadaf6a05dc0704c211
-
SHA1
887790956249e5fa9bc9fcadc5e8eb0611453b5d
-
SHA256
e39dc6db871afa2ba69a05eb7b7c2ea09747c0fda51ea02f4970a697abe819ec
-
SHA512
cb4798e9d9be515e5cf33e41401852a0bee1600dfa1795c82db186e6ce5b69c42be2a81d8a51c475be6abd5bb54fd831e8ae94c480ed6a22e99618eaff8e5692
-
SSDEEP
12288:GMrIy903nSveTFgw+VmNpRZn3ntLHegG5SGWrTp1PeWCADAII4dbPmdQLBzE50KU:Ky+nUe5g8NpRZXIbjWXjPeWCAE94hPmG
Static task
static1
Behavioral task
behavioral1
Sample
e39dc6db871afa2ba69a05eb7b7c2ea09747c0fda51ea02f4970a697abe819ec.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Family
redline
Botnet
disa
C2
83.97.73.122:19062
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Extracted
Family
redline
Botnet
goga
C2
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
e39dc6db871afa2ba69a05eb7b7c2ea09747c0fda51ea02f4970a697abe819ec
-
Size
764KB
-
MD5
4658ba34fdc58eadaf6a05dc0704c211
-
SHA1
887790956249e5fa9bc9fcadc5e8eb0611453b5d
-
SHA256
e39dc6db871afa2ba69a05eb7b7c2ea09747c0fda51ea02f4970a697abe819ec
-
SHA512
cb4798e9d9be515e5cf33e41401852a0bee1600dfa1795c82db186e6ce5b69c42be2a81d8a51c475be6abd5bb54fd831e8ae94c480ed6a22e99618eaff8e5692
-
SSDEEP
12288:GMrIy903nSveTFgw+VmNpRZn3ntLHegG5SGWrTp1PeWCADAII4dbPmdQLBzE50KU:Ky+nUe5g8NpRZXIbjWXjPeWCAE94hPmG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check used to decide whether to run on this host.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the payload is launched again at logon (persistence).
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
Rewriting the thread context of another process is the usual way to redirect execution into an injected or hollowed child process.
-
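The following is an added example, not part of the sandbox report or of any RedLine tooling. It turns the extracted configs (one C2 endpoint shared by the disa and goga botnet IDs) and the behavioural signatures listed above into a small detection pass over constructed, Sysmon-style telemetry. The pipe-delimited line format, the image paths and the registry key assumed to back the "country code" lookup (Control Panel\International\Geo\Nation) are assumptions for the example; the SetThreadContext signature is not modelled because it needs API-level tracing rather than log events.

```python
"""Match constructed endpoint telemetry against the RedLine indicators above."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Indicators lifted from the extracted configs: two botnet IDs, one C2 endpoint.
REDLINE_CONFIGS = [
    {"botnet": "disa", "c2": "83.97.73.122:19062",
     "auth_value": "93f8c4ca7000e3381dd4b6b86434de05"},
    {"botnet": "goga", "c2": "83.97.73.122:19062",
     "auth_value": "6d57dff6d3c42dddb8a76dc276b8467f"},
]

# Registry paths behind the behavioural signatures (lower-cased, hive-agnostic).
# The trailing backslash on RUN_KEY keeps RunOnce and RunServices from matching.
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall\\"
GEO_KEY = "\\control panel\\international\\geo\\nation"  # assumption: the "country code" lookup


@dataclass(frozen=True)
class Event:
    kind: str    # net | reg | file | proc | load
    image: str   # process that generated the event
    a: str       # net: dst ip | reg: op (set/query) | file: created path | proc/load: child or module path
    b: str = ""  # net: dst port | reg: key path


@dataclass(frozen=True)
class Hit:
    rule: str
    image: str
    detail: str


def c2_endpoints(configs=REDLINE_CONFIGS) -> dict[tuple[str, int], set[str]]:
    """Group botnet IDs by C2 so one connection is attributed to every campaign sharing it."""
    out: dict[tuple[str, int], set[str]] = {}
    for cfg in configs:
        ip, port = cfg["c2"].rsplit(":", 1)
        out.setdefault((ip, int(port)), set()).add(cfg["botnet"])
    return out


def parse_events(lines: Iterable[str]) -> list[Event]:
    """Parse constructed 'kind|image|a|b' lines; blank lines and '#' comments are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 3)
        parts += [""] * (4 - len(parts))
        events.append(Event(*parts))
    return events


def detect(events: Iterable[Event], configs=REDLINE_CONFIGS) -> list[Hit]:
    """Emit one Hit per event that matches a config indicator or a listed behaviour."""
    endpoints = c2_endpoints(configs)
    dropped: set[str] = set()  # executables/DLLs written to disk earlier in the trace
    hits: list[Hit] = []
    for ev in events:
        if ev.kind == "net" and ev.b.isdigit() and (ev.a, int(ev.b)) in endpoints:
            botnets = sorted(endpoints[(ev.a, int(ev.b))])
            hits.append(Hit("redline_c2_connection", ev.image, f"{ev.a}:{ev.b} botnets={botnets}"))
        elif ev.kind == "reg":
            path = ev.b.lower()
            if ev.a == "set" and RUN_KEY in path:
                hits.append(Hit("run_key_persistence", ev.image, ev.b))
            elif ev.a == "query" and UNINSTALL_KEY in path:
                hits.append(Hit("installed_software_enum", ev.image, ev.b))
            elif ev.a == "query" and path.endswith(GEO_KEY):
                hits.append(Hit("geo_lookup", ev.image, ev.b))
        elif ev.kind == "file" and ev.a.lower().endswith((".exe", ".dll")):
            dropped.add(ev.a.lower())
        elif ev.kind == "proc" and ev.a.lower() in dropped:
            hits.append(Hit("executes_dropped_exe", ev.image, ev.a))
        elif ev.kind == "load" and ev.a.lower() in dropped:
            hits.append(Hit("loads_dropped_dll", ev.image, ev.a))
    return hits


def verdict(hits: list[Hit]) -> str:
    """A C2 contact is decisive; otherwise two distinct behaviours are needed to flag the trace."""
    rules = {h.rule for h in hits}
    if "redline_c2_connection" in rules:
        return "redline"
    return "suspicious" if len(rules) >= 2 else "clean"


# Constructed telemetry for this example: kind|image|a|b (no real host was traced).
SAMPLE_TELEMETRY = r"""
reg|C:\Users\bob\Downloads\invoice.exe|query|HKCU\Control Panel\International\Geo\Nation
file|C:\Users\bob\Downloads\invoice.exe|C:\Users\bob\AppData\Local\Temp\build.exe|
proc|C:\Users\bob\Downloads\invoice.exe|C:\Users\bob\AppData\Local\Temp\build.exe|
reg|C:\Users\bob\AppData\Local\Temp\build.exe|set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
reg|C:\Users\bob\AppData\Local\Temp\build.exe|query|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
net|C:\Users\bob\AppData\Local\Temp\build.exe|8.8.8.8|53
net|C:\Users\bob\AppData\Local\Temp\build.exe|83.97.73.122|19062
"""

if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_TELEMETRY.splitlines()))
    for h in found:
        print(f"{h.rule:26} {h.image}  {h.detail}")
    print("verdict:", verdict(found))
```

The C2 match is keyed on ip and port together, so a connection to the same host on another port is not attributed to RedLine; if you widen it to the bare address, also widen the verdict logic, since a shared hosting IP will then produce false positives on its own.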