General
Target: 2280cf11c6bb3bc23b52b766779ef9800068e0d38b071f3561657be26f834b36
Size: 765KB
Sample: 230526-mxv7gsfb27
MD5: 870e4e7df370df67106015cb548aad5d
SHA1: 6066e9a320c281a2e8f9b1e2354fcb1145f06d01
SHA256: 2280cf11c6bb3bc23b52b766779ef9800068e0d38b071f3561657be26f834b36
SHA512: 6fa286fb436a76cf381483795de82a316b2956bd127a01b6e3b3665511afa031e48624d23f24a9132f0a9c137cedbfe85f29ba7029943c0866db82120f81ec1a
SSDEEP: 12288:eMrOy90NfvstQXFqoCf3MKINJUV6kPaTiO+BEyrHJwW+tJMxFvdO5FRmdQLBSEq:gy2fvhVqoCGk1d2tGHdO5FRmdU0
Static task: static1
Behavioral task: behavioral1
Sample: 2280cf11c6bb3bc23b52b766779ef9800068e0d38b071f3561657be26f834b36.exe
Resource (sandbox image): win10v2004-20230221-en
Malware Config
Extracted: redline
Botnet: disa
C2: 83.97.73.122:19062
auth_value: 93f8c4ca7000e3381dd4b6b86434de05
Extracted: redline
Botnet: goga
C2: 83.97.73.122:19062
auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Both extracted configurations point at the same C2 endpoint (83.97.73.122, TCP port 19062) but carry different botnet tags and auth_value tokens. Two distinct configurations from one 765KB executable are consistent with the sample acting as a loader that drops and runs more than one RedLine payload (see "Executes dropped EXE" below); the C2 host:port pair is the indicator shared by both and is the one worth blocking and hunting for.
Targets
Target: 2280cf11c6bb3bc23b52b766779ef9800068e0d38b071f3561657be26f834b36
Size: 765KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Signatures
- RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies and autofill data, cryptocurrency wallet files and system information, and sends them to the C2 endpoint listed in the extracted configuration.
- Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check so the stealer can exit on hosts in excluded regions.
- Executes dropped EXE
The sample writes a second executable to disk and runs it, which fits the loader behaviour implied by the two extracted configurations.
- Loads dropped DLL
- Adds Run key to start application
Persistence via a value under a CurrentVersion\Run registry key, so the payload is relaunched at user logon. Run-key values pointing at executables in user-writable directories (Temp, AppData) are the first thing to check when triaging an affected host.
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate installed software, a common reconnaissance step used both for victim profiling and for detecting analysis tooling.
- Suspicious use of SetThreadContext
Overwriting another thread's context is the characteristic last step of process hollowing: a process is created suspended, its image is replaced with the payload, and SetThreadContext redirects the entry point before the thread is resumed. Expect the RedLine payload to be running under a process name that does not match the file on disk.
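The indicators above (the shared C2 endpoint, the sample hash, and the dropped-EXE and Run-key behaviours) turned into hunting logic, as an added example written for this page rather than part of the sandbox output. It runs a handful of rules over Sysmon-style events (EventID 1 process creation, 3 network connection, 13 registry value set). The events are constructed sample data; the drop-directory list, the "parent outside C:\Windows" heuristic and the Suricata sid are assumptions, not facts from the report.

```python
"""Hunting rules derived from a RedLine sandbox report, applied to constructed Sysmon-style events."""

# Indicators taken from the report; everything else in this file is constructed or assumed.
C2_HOST = "83.97.73.122"
C2_PORT = 19062
SAMPLE_SHA256 = "2280cf11c6bb3bc23b52b766779ef9800068e0d38b071f3561657be26f834b36"

# Assumption: directories a loader typically drops its second stage into.
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")
# Assumption: parents under these paths are treated as trusted system binaries.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")


def _lower(value):
    return (value or "").lower()


def rule_c2_connect(ev):
    """Outbound connection to the C2 host:port shared by both extracted configs."""
    return (ev.get("EventID") == 3
            and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT)


def rule_known_hash(ev):
    """Process created from a binary whose SHA256 matches the reported sample."""
    return ev.get("EventID") == 1 and f"sha256={SAMPLE_SHA256}" in _lower(ev.get("Hashes"))


def rule_dropped_exe(ev):
    """'Executes dropped EXE': an EXE run from a drop directory by a non-system parent."""
    image = _lower(ev.get("Image"))
    parent = _lower(ev.get("ParentImage"))
    return (ev.get("EventID") == 1
            and image.endswith(".exe")
            and any(d in image for d in DROP_DIRS)
            and not parent.startswith(SYSTEM_DIRS))


def rule_run_key(ev):
    """'Adds Run key': a Run value whose target lives in a user-writable drop directory."""
    target = _lower(ev.get("TargetObject"))
    details = _lower(ev.get("Details"))
    return (ev.get("EventID") == 13
            and "\\currentversion\\run\\" in target
            and any(d in details for d in DROP_DIRS))


RULES = {
    "redline_c2_connect": rule_c2_connect,
    "known_sample_hash": rule_known_hash,
    "dropped_exe_executed": rule_dropped_exe,
    "run_key_persistence": rule_run_key,
}


def hunt(events):
    """Return (rule_name, event_index) pairs for every event that matches a rule."""
    return [(name, idx) for idx, ev in enumerate(events)
            for name, rule in RULES.items() if rule(ev)]


def suricata_rule(sid=1000001):
    """Network-side rule for the C2 endpoint; sid is a placeholder to be assigned locally."""
    return (f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
            f'(msg:"RedLine C2 {C2_HOST}:{C2_PORT}"; flow:to_server,established; '
            f'sid:{sid}; rev:1;)')


# Constructed events, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\" + SAMPLE_SHA256 + ".exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\IXP000.TMP\\stage2.exe",
     "ParentImage": "C:\\Users\\user\\Downloads\\" + SAMPLE_SHA256 + ".exe",
     "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2",
     "Details": "C:\\Users\\user\\AppData\\Roaming\\stage2.exe"},
    {"EventID": 3, "DestinationIp": "83.97.73.122", "DestinationPort": "19062"},
    {"EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
    {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "Details": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe",
     "ParentImage": "C:\\Windows\\System32\\services.exe", "Hashes": "SHA256=1111"},
]

if __name__ == "__main__":
    for name, idx in hunt(SAMPLE_EVENTS):
        print(f"{name}: event {idx}")
    print(suricata_rule())
```

The registry and process rules are deliberately narrow (drop directory plus non-system parent, Run value pointing into a drop directory) so they fire on the loader behaviour described above without flagging ordinary installers; widen the directory lists to match your own estate before deploying.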