General
Target: 0f03545d91b8a2d8c4f914d025120d8a7df7e3487b82577f7d1503bafe2b1fe0
Size: 1.0MB
Sample: 230526-m9z17sfb58
MD5: 545aa43bc660a59f7382a54ebaaea413
SHA1: 7f5898c677c172e66389f865336d24ff5cf7b5b1
SHA256: 0f03545d91b8a2d8c4f914d025120d8a7df7e3487b82577f7d1503bafe2b1fe0
SHA512: cd787e4779c8ad3eeda659ebe65b519bf72b8f46fd728222a363b9cc0ef6d61841d3e56e0584772d65c8dc294217358e398cf95e4b2a649e40ae24633b207e42
SSDEEP: 24576:RyIEEqKmmQsMW1dPjIcj3PMpSimdoLn+lhOMCw1i/QgomBPPUxy6:ElEvmfXW8cjMVmdoLn6Z1iGT
Static task: static1
Behavioral task: behavioral1
Sample: 0f03545d91b8a2d8c4f914d025120d8a7df7e3487b82577f7d1503bafe2b1fe0.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
lisa
83.97.73.122:19062
auth_value: c2dc311db9820012377b054447d37949
Extracted: redline
goga
83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext