General
Target: c4bd4cbb390feb318a567b13e3b6754595bb87cea224b843ca70c66bcd272b42
Size: 760KB
Sample: 230527-xmag5scg99
MD5: a216833b090116354c341f27e79d292d
SHA1: 3492fc1ce729b6a7e8a99ce85e1368b85b2cc05f
SHA256: c4bd4cbb390feb318a567b13e3b6754595bb87cea224b843ca70c66bcd272b42
SHA512: 75f5d2ff277228e0d94f43df5a2a9ad0e532d09fbb55e750f0116d6956789af61dd6a75c95b3bafb00f2075c0bdb64bcb875c7d814203f4476b4817021742374
SSDEEP: 12288:UMrpy907l9kxcE8fMVAQrTutTEjxIRVlblQaMsip7YC+3ToYZWECegE5xvMh:lywl9kxDnVAQOtIjSZbs77YC+3TZZdf4
Static task: static1
Behavioral task: behavioral1
Sample: c4bd4cbb390feb318a567b13e3b6754595bb87cea224b843ca70c66bcd272b42.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
redline
mura
83.97.73.127:19062
auth_value: b2ee4a66a20fb9e998d6a68277565331
Extracted
redline
heroy
83.97.73.127:19062
auth_value: b2879468e50d2d36e66f1a067d4a8bb3
Targets
Target: c4bd4cbb390feb318a567b13e3b6754595bb87cea224b843ca70c66bcd272b42
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext