General
Target: 09aaaafe6a61760c7337e0c79a825bac8d3fed7d7306a21ff7945ad3b5555e9f
Size: 781KB
Sample: 230528-q5f93sfc24
MD5: 4d944b794484fdea8211f548fd946daf
SHA1: fc48bbadcef1e0da917827f930e0167f6745aa08
SHA256: 09aaaafe6a61760c7337e0c79a825bac8d3fed7d7306a21ff7945ad3b5555e9f
SHA512: ea96ab3164c09aff0e676c65397fc931b3df61b5079e2556c0110e7eefe871f9709782d81795f5ec99f7dd27d70230110567684a8fcbd86dd98cc73c4ee64068
SSDEEP: 12288:rMrfy90EivBepOZG8Oxn4ELT8IJg4WbJB4Ru8+uUWA/3rUCuERvas:8yz2BepOArxn4Ep6Iu8LUWA/39uCH

Static task: static1
Behavioral task: behavioral1
Sample: 09aaaafe6a61760c7337e0c79a825bac8d3fed7d7306a21ff7945ad3b5555e9f.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted: redline
daswa
83.97.73.127:19062
auth_value: a6ab6b8df5480a0bb295d3c069f67bf8

Extracted: redline
mirko
83.97.73.127:19062
auth_value: 35111a095377107ec8b7d3e035831af8

Targets
Target: 09aaaafe6a61760c7337e0c79a825bac8d3fed7d7306a21ff7945ad3b5555e9f
Size: 781KB
MD5: 4d944b794484fdea8211f548fd946daf
SHA1: fc48bbadcef1e0da917827f930e0167f6745aa08
SHA256: 09aaaafe6a61760c7337e0c79a825bac8d3fed7d7306a21ff7945ad3b5555e9f
SHA512: ea96ab3164c09aff0e676c65397fc931b3df61b5079e2556c0110e7eefe871f9709782d81795f5ec99f7dd27d70230110567684a8fcbd86dd98cc73c4ee64068
SSDEEP: 12288:rMrfy90EivBepOZG8Oxn4ELT8IJg4WbJB4Ru8+uUWA/3rUCuERvas:8yz2BepOArxn4Ep6Iu8LUWA/39uCH

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of SetThreadContext