General
Target: 177fa53624042d46b7a93074e2a20fd580464894c7919bd5d542fe3d875bfd8a
Size: 780KB
Sample: 230528-q1hx4sff6s
MD5: a6b84105c8788d97693f8ccb1fc4f4cc
SHA1: 054353dd965a96b923864aeaa82519620e22a1ce
SHA256: 177fa53624042d46b7a93074e2a20fd580464894c7919bd5d542fe3d875bfd8a
SHA512: 79baaa684659de4ad57a9f4be0ab2ea83c461969e56873e0818b79a4e45a39d97e8df1de40089b74b53dbd9798e6c522ae07053a50ad21c26b2be7033d5bec69
SSDEEP: 12288:9Mrby90PJNhDmJsE6CfuhXhoATzKGH0yBxu6w1dYoytUP/iKGrljeK7nEPTlm4IK:CyYmIXhUYLx6hpyL7exK6d
Static task: static1
Behavioral task: behavioral1
Sample: 177fa53624042d46b7a93074e2a20fd580464894c7919bd5d542fe3d875bfd8a.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
daswa
83.97.73.127:19062
auth_value: a6ab6b8df5480a0bb295d3c069f67bf8
Extracted
redline
mirko
83.97.73.127:19062
auth_value: 35111a095377107ec8b7d3e035831af8
Targets
Target: 177fa53624042d46b7a93074e2a20fd580464894c7919bd5d542fe3d875bfd8a
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext