General
-
Target
907c6cf2b961e2f52e6af8bcd8d8120d28442111cd49dd77d2ebf7670cca3473
-
Size
770KB
-
Sample
230528-dsakjsee3t
-
MD5
58656582cc3221d3ad1f5063ada568d9
-
SHA1
65a509640cfebf215a8faabbf03c5644fecbba73
-
SHA256
907c6cf2b961e2f52e6af8bcd8d8120d28442111cd49dd77d2ebf7670cca3473
-
SHA512
23cb5666d2a55af6cb7cbbbb401cea1f9666be870b33b768b39708a413571c4435e28d4b0a42ec84ab53ef9a4e39419699f978d4e7a19ac367533963d5057fd0
-
SSDEEP
12288:wMrYy90NozicmWTr85Q9Z3NMf/bKAvivLHd/BQpcK5E+NxI7C6cbiTbqzcp8YU9p:4y1X8W9g2HK5B7I7SbIbqzc9lG
Static task
static1
Behavioral task
behavioral1
Sample
907c6cf2b961e2f52e6af8bcd8d8120d28442111cd49dd77d2ebf7670cca3473.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dura
83.97.73.127:19062
-
auth_value
44b7d6fb9572dea0d64d018139c3d208
Extracted
redline
heroy
83.97.73.127:19062
-
auth_value
b2879468e50d2d36e66f1a067d4a8bb3
Targets
-
-
Target
907c6cf2b961e2f52e6af8bcd8d8120d28442111cd49dd77d2ebf7670cca3473
-
Size
770KB
-
MD5
58656582cc3221d3ad1f5063ada568d9
-
SHA1
65a509640cfebf215a8faabbf03c5644fecbba73
-
SHA256
907c6cf2b961e2f52e6af8bcd8d8120d28442111cd49dd77d2ebf7670cca3473
-
SHA512
23cb5666d2a55af6cb7cbbbb401cea1f9666be870b33b768b39708a413571c4435e28d4b0a42ec84ab53ef9a4e39419699f978d4e7a19ac367533963d5057fd0
-
SSDEEP
12288:wMrYy90NozicmWTr85Q9Z3NMf/bKAvivLHd/BQpcK5E+NxI7C6cbiTbqzcp8YU9p:4y1X8W9g2HK5B7I7SbIbqzc9lG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-