General
- Target: c839c7ccff1533686a0defb4416a674462f3b4986512727c4ff978b8c9b8bd04
- Size: 779KB
- Sample: 230528-q9njysff8z
- MD5: 46ec7ba05872acfc73348155a0b4a23f
- SHA1: 6d2527804959830b44487244778c7c290a322bf4
- SHA256: c839c7ccff1533686a0defb4416a674462f3b4986512727c4ff978b8c9b8bd04
- SHA512: 533de6ba8b645066783e4ff69ca78ca95a1f8df4b3509fda28e2ffe6e1203993ae76edbe3d83dbb0b134ab0ebb495b1f18c0d52925ba62331923d0c2e8d5526a
- SSDEEP: 12288:4Mrky90y82wj9X5vOQ4qZWJFJ3afLbxFz0ar3GsjJ1zUp2E1SSdKQeTtUeFYyNu1:syDUnGjIWbJu0U33jfEJdYFTk1
- Static task: static1
- Behavioral task: behavioral1
- Sample: c839c7ccff1533686a0defb4416a674462f3b4986512727c4ff978b8c9b8bd04.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
  diza
  83.97.73.127:19045
  auth_value: 0d09b419c8bc967f91c68be4a17e92ee
- Extracted: redline
  mirko
  83.97.73.127:19062
  auth_value: 35111a095377107ec8b7d3e035831af8
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext