General
Target: cca2c639b0d38d833e093eb633643542e4d58e46a2e29c83565bbe8ebfa8b1fa
Size: 764KB
Sample: 230526-nrvjfafc32
MD5: 4dfd75c208666056ea211faf92e01217
SHA1: 7f65d9a60861e1963edabf93fb4a84b9d11b9dea
SHA256: cca2c639b0d38d833e093eb633643542e4d58e46a2e29c83565bbe8ebfa8b1fa
SHA512: 07899c492f6935cda188040b908879ec8b962e3fcca5e4e32cb8bd6a84ccb3c777f9a8ceff5facc094ab7dcce5a6b160c16baa910d1534eb2b198ce5f4b686aa
SSDEEP: 12288:WMrRy90Narv7vim8nxQ6D6BqYzt1kz898/whMoNEI3o911Xv+I1uKzPHypuII4dH:fyJ3Wa6D0qYzi89/MoPo911f7uWHy49k
Static task: static1
Behavioral task: behavioral1
Sample: cca2c639b0d38d833e093eb633643542e4d58e46a2e29c83565bbe8ebfa8b1fa.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
  misa
  83.97.73.122:19062
  auth_value: 9e79529a6bdb4962f44d12b0d6d62d32
Extracted: redline
  goga
  83.97.73.122:19062
  auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
Target: cca2c639b0d38d833e093eb633643542e4d58e46a2e29c83565bbe8ebfa8b1fa
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext