General
-
Target
492ae1fa8e25be68387a24bac9c93be9981f09e13edec4d19804a2373b7420c2
-
Size
764KB
-
Sample
230526-mzrl3sff2y
-
MD5
df17e65014b57f9f206daceb05b174e5
-
SHA1
45e4f5c4dde2ddadffa52e0cddd79bc2f264d6dc
-
SHA256
492ae1fa8e25be68387a24bac9c93be9981f09e13edec4d19804a2373b7420c2
-
SHA512
626c84735f190fb0463f5a82b48e44bc94792f6e5b25c3b6cb4b99007069f5a6188a7ac36c5909bb81359b80aa95e726d57db4552ea73ebda0a3fd5986c2d4cb
-
SSDEEP
12288:8MrRy90KioVHnIY9IawQSTw/4hlG1Sl9MqPhpkpYQHu69x42II4d7fmdQLBYEL8:VyAoVp9RZSlG1SHMKhpkpYIJx4294Bfq
Static task
static1
Behavioral task
behavioral1
Sample
492ae1fa8e25be68387a24bac9c93be9981f09e13edec4d19804a2373b7420c2.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
misa
83.97.73.122:19062
-
auth_value
9e79529a6bdb4962f44d12b0d6d62d32
Extracted
redline
goga
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
492ae1fa8e25be68387a24bac9c93be9981f09e13edec4d19804a2373b7420c2
-
Size
764KB
-
MD5
df17e65014b57f9f206daceb05b174e5
-
SHA1
45e4f5c4dde2ddadffa52e0cddd79bc2f264d6dc
-
SHA256
492ae1fa8e25be68387a24bac9c93be9981f09e13edec4d19804a2373b7420c2
-
SHA512
626c84735f190fb0463f5a82b48e44bc94792f6e5b25c3b6cb4b99007069f5a6188a7ac36c5909bb81359b80aa95e726d57db4552ea73ebda0a3fd5986c2d4cb
-
SSDEEP
12288:8MrRy90KioVHnIY9IawQSTw/4hlG1Sl9MqPhpkpYQHu69x42II4d7fmdQLBYEL8:VyAoVp9RZSlG1SHMKhpkpYIJx4294Bfq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-