General
-
Target
216109af76be0dcc5173bfffcde6f19d.bin
-
Size
720KB
-
Sample
230528-bgs7eaeb6v
-
MD5
b702441ac2cedb3a9fe4636ef4240582
-
SHA1
462db8e0e5014295eaa4b23117c1cfad28a5fe4b
-
SHA256
831a03e4b3349a99043c9dcf6f2af3372f3dbe88cc8caf606f8a888c7af7947d
-
SHA512
078da496bf5b1a1e34e6a84cb5022ac30fe969c8516d7e44a6faee10bc8f843f6d36fd94045b1a7eb9e156552afe41d680c98d4c15d39d536cb3875c6cc9f0ae
-
SSDEEP
12288:t6gcoJhHT4fBOyQJROWOlMMSMBf2wtWZf51+BN/cFoC0LYDnb1EYH1CSW6q+cPDx:Mgcj5OH7We6WoBiFLRDbDfcfdQo
Static task
static1
Behavioral task
behavioral1
Sample
0c97a6f4fced09a4eabdaaa2be8ee628aba274ce1e9f6ac219e70d8547f132ff.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0c97a6f4fced09a4eabdaaa2be8ee628aba274ce1e9f6ac219e70d8547f132ff.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
misa
83.97.73.122:19062
-
auth_value
9e79529a6bdb4962f44d12b0d6d62d32
Extracted
redline
goga
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
0c97a6f4fced09a4eabdaaa2be8ee628aba274ce1e9f6ac219e70d8547f132ff.exe
-
Size
764KB
-
MD5
216109af76be0dcc5173bfffcde6f19d
-
SHA1
c451acb29b897914b3a67a6e83315a0a0c788311
-
SHA256
0c97a6f4fced09a4eabdaaa2be8ee628aba274ce1e9f6ac219e70d8547f132ff
-
SHA512
5a5abfefd8f7bec13c693f686a71ad10390a825c0df240f223a9c697c402a4efca03e420051cf1ac5e7a6e3798eee90399b6918160b205937c0954d1792d6969
-
SSDEEP
12288:WMrxy90DZGPAL4Tvouft6d6S2E59N0CDrWEbgPKII4dBlmdQLBlEd:3y1PFTQVErk0CHWGgi94flmdUG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-