General
Target: e5b0b8dab08bcf07dc131f048980f3593b63b3b9a3f3524f01ee0c0cd27014c0
Size: 769KB
Sample: 230528-p8ysvsfe8s
MD5: ffb4eaadacb4ff0292e9f8b6193ba927
SHA1: 03555456db14d0589010cf490f55a14ebab1a54c
SHA256: e5b0b8dab08bcf07dc131f048980f3593b63b3b9a3f3524f01ee0c0cd27014c0
SHA512: 30afc6ab712ec8eb101ea55a2aaf13565667bb79c02a45a75f4b4617d6658ceb64ed4ac48dcf68ad71efde2636cc065bf5fd6f53f296400eeb0025561f201442
SSDEEP: 12288:pMrly90D94WzplE48UToT0AJnQyGdoht7q6YiLKiIwUbYg4dfA61K+t1s108A:YyS94sT8moT0KHwW7eiLKfw+94fZfWc
Static task: static1
Behavioral task: behavioral1
Sample: e5b0b8dab08bcf07dc131f048980f3593b63b3b9a3f3524f01ee0c0cd27014c0.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted config 1
Family: redline
Botnet: mawa
C2: 83.97.73.127:19062
auth_value: c74d280ca4e3a15ff6b2af6fe2eb955b
Extracted config 2
Family: redline
Botnet: mirko
C2: 83.97.73.127:19062
auth_value: 35111a095377107ec8b7d3e035831af8
Targets
Target: e5b0b8dab08bcf07dc131f048980f3593b63b3b9a3f3524f01ee0c0cd27014c0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext