General
-
Target
e4a53ececba2c88868fa19b1634ef33de00cad4932e1337046ba4ffa5a239d11
-
Size
1.0MB
-
Sample
230526-mzdefsff2w
-
MD5
efd0cd6b560a648ac4294b776fe02109
-
SHA1
74c54b35d8590ea260bc96fb65f2039690c04f7d
-
SHA256
e4a53ececba2c88868fa19b1634ef33de00cad4932e1337046ba4ffa5a239d11
-
SHA512
139d32ed9bb38faed03a0928fc722f45dd51ee0e2cd979ce65deeb081e6d99f322c8d4e6755112092b8f0c1b90cfa7b80cd9ae1e722dd1505517f28e3f9ac22f
-
SSDEEP
24576:Jyl0mhaxYqfRTD1JC4C8mdfnQWw2QhVRTjcVR0CKma0/:8ymYYqZTDg8mdfQWw2ucTv
Static task
static1
Behavioral task
behavioral1
Sample
e4a53ececba2c88868fa19b1634ef33de00cad4932e1337046ba4ffa5a239d11.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
lisa
83.97.73.122:19062
-
auth_value
c2dc311db9820012377b054447d37949
Extracted
redline
goga
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
e4a53ececba2c88868fa19b1634ef33de00cad4932e1337046ba4ffa5a239d11
-
Size
1.0MB
-
MD5
efd0cd6b560a648ac4294b776fe02109
-
SHA1
74c54b35d8590ea260bc96fb65f2039690c04f7d
-
SHA256
e4a53ececba2c88868fa19b1634ef33de00cad4932e1337046ba4ffa5a239d11
-
SHA512
139d32ed9bb38faed03a0928fc722f45dd51ee0e2cd979ce65deeb081e6d99f322c8d4e6755112092b8f0c1b90cfa7b80cd9ae1e722dd1505517f28e3f9ac22f
-
SSDEEP
24576:Jyl0mhaxYqfRTD1JC4C8mdfnQWw2QhVRTjcVR0CKma0/:8ymYYqZTDg8mdfQWw2ucTv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-