General
- Target: 738abdf461e2bf7e7c29360325648649baaa7c6f779f3380ce4758cf5be77a22
- Size: 780KB
- Sample: 230528-pxhmhafe6w
- MD5: a204624e15dafd81a011b013738cb6fd
- SHA1: d5c793c61ba68f0fd1b21fab82ba9cf9ff03be0b
- SHA256: 738abdf461e2bf7e7c29360325648649baaa7c6f779f3380ce4758cf5be77a22
- SHA512: e40d459876f26a420b41390e37fa4cc1794f128abe838e86036ad99e02a4ff11ab11b07e6f744ba8c3dc78c7eb4a2def481b7bd2bd9fda6e5a5f399cc93836f8
- SSDEEP: 12288:XMrry90rHVy5+APvlEzHoZXbqFClIKAsCbg8nJhH25qVorlfl/fGfFgtSliM:My0VyiFCfAs6nLBCfZefStSUM
Static task: static1
Behavioral task: behavioral1
- Sample: 738abdf461e2bf7e7c29360325648649baaa7c6f779f3380ce4758cf5be77a22.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- daswa
- 83.97.73.127:19062
- auth_value: a6ab6b8df5480a0bb295d3c069f67bf8
Extracted: redline
- mirko
- 83.97.73.127:19062
- auth_value: 35111a095377107ec8b7d3e035831af8
Targets
- Target: 738abdf461e2bf7e7c29360325648649baaa7c6f779f3380ce4758cf5be77a22
- Size: 780KB
- MD5: a204624e15dafd81a011b013738cb6fd
- SHA1: d5c793c61ba68f0fd1b21fab82ba9cf9ff03be0b
- SHA256: 738abdf461e2bf7e7c29360325648649baaa7c6f779f3380ce4758cf5be77a22
- SHA512: e40d459876f26a420b41390e37fa4cc1794f128abe838e86036ad99e02a4ff11ab11b07e6f744ba8c3dc78c7eb4a2def481b7bd2bd9fda6e5a5f399cc93836f8
- SSDEEP: 12288:XMrry90rHVy5+APvlEzHoZXbqFClIKAsCbg8nJhH25qVorlfl/fGfFgtSliM:My0VyiFCfAs6nLBCfZefStSUM
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of SetThreadContext