General
Target: 551703d259ca6bb177870d2021f502fc3e48cab1575efa0867f8ae1f0fa0e615
Size: 770KB
Sample: 230527-y3hdcsde3z
MD5: 37ea8367fdd1c9e3b72ccdf5101c51d8
SHA1: e5d1299246827055b157e8f63ae2822b68fc4c4a
SHA256: 551703d259ca6bb177870d2021f502fc3e48cab1575efa0867f8ae1f0fa0e615
SHA512: 533c76b900e940f0abf42d7ef4dedbe235cbda8fa8d22ed79ed641d4663b0a0484bd990074aabc0bd96096e88217dfe913847c6a3f3cd7d6e00658487389a2db
SSDEEP: 12288:7MrZy90xX5aOcwH1UJFHtA0rdCzeJPEYIXRwBji6/vtQz+wA5I1YFMG6Q9:Oy8p5NVa40r8z6IhwBjzvt4zAOYLv
Static task: static1
Behavioral task: behavioral1
Sample: 551703d259ca6bb177870d2021f502fc3e48cab1575efa0867f8ae1f0fa0e615.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: dura
- C2: 83.97.73.127:19062
- auth_value: 44b7d6fb9572dea0d64d018139c3d208
Extracted
- Family: redline
- Botnet: heroy
- C2: 83.97.73.127:19062
- auth_value: b2879468e50d2d36e66f1a067d4a8bb3
Targets
Target: 551703d259ca6bb177870d2021f502fc3e48cab1575efa0867f8ae1f0fa0e615 (the same sample described under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext