General
- Target: c9290d43e91b1f509d72b5fc64cc39b40a7caa2c8712300bc8fa9b8312be99d6
- Size: 1.0MB
- Sample: 230526-r79j3sga23
- MD5: 02c385c9f3482b04b9a4e731c0edc771
- SHA1: 89b92201e5df593d81c47510b0dab5cf45b2c1b5
- SHA256: c9290d43e91b1f509d72b5fc64cc39b40a7caa2c8712300bc8fa9b8312be99d6
- SHA512: ba9ccb16882058e336d674a2bf582aed7f4966d00f19480bfd70afc9da19afac7bd0332de56efb4c9ff08d208c14404e8e6ab6ca5ebd340b33bc15d251ff07df
- SSDEEP: 24576:yyjV8xFxq0RPSsXlp64zMmdEh+ZU6cOx+B13UX9gFf6:ZjsFxNRR1pRMmdEhGU6cOxUNA9
- Static task: static1
- Behavioral task: behavioral1
- Sample: c9290d43e91b1f509d72b5fc64cc39b40a7caa2c8712300bc8fa9b8312be99d6.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
  lisa
  83.97.73.122:19062
  auth_value: c2dc311db9820012377b054447d37949
- Extracted: redline
  goga
  83.97.73.122:19062
  auth_value: 6d57dff6d3c42dddb8a76dc276b8467f
Targets
- Target: c9290d43e91b1f509d72b5fc64cc39b40a7caa2c8712300bc8fa9b8312be99d6
- Size: 1.0MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext