General
Target: 96668bb40c6339fb12a28aaab8a53e0012e82d5b647b3bccb226060db2abaf9c
Size: 770KB
Sample: 230528-qf1bnafb56
MD5: 7e335bd4ae5afa13c5ed286621436293
SHA1: 494c638d58de15d7d0ce04ce0eadf75b6a108a68
SHA256: 96668bb40c6339fb12a28aaab8a53e0012e82d5b647b3bccb226060db2abaf9c
SHA512: 594b2b229ffbdf409398a527f0f7f866bfe67047dd57fda788705cbc1d5d1e87375085a5fd1f37494ccbe9622032744d1d5ae7045487418297e4475b3a7f6193
SSDEEP: 12288:6Mr3y909qhH1Ws7WwBCPT+JTpLgaJz7Gg9Aie0F2ScZU+OScRjLJC9QRR/sdEOrE:lybhlWwZeGndQJZqRjjR/qLfi
Static task: static1
Behavioral task: behavioral1
Sample: 96668bb40c6339fb12a28aaab8a53e0012e82d5b647b3bccb226060db2abaf9c.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
  Botnet: mawa
  C2: 83.97.73.127:19062
  auth_value: c74d280ca4e3a15ff6b2af6fe2eb955b
Extracted: redline
  Botnet: mirko
  C2: 83.97.73.127:19062
  auth_value: 35111a095377107ec8b7d3e035831af8
Targets
Target: 96668bb40c6339fb12a28aaab8a53e0012e82d5b647b3bccb226060db2abaf9c
Size: 770KB
MD5: 7e335bd4ae5afa13c5ed286621436293
SHA1: 494c638d58de15d7d0ce04ce0eadf75b6a108a68
SHA256: 96668bb40c6339fb12a28aaab8a53e0012e82d5b647b3bccb226060db2abaf9c
SHA512: 594b2b229ffbdf409398a527f0f7f866bfe67047dd57fda788705cbc1d5d1e87375085a5fd1f37494ccbe9622032744d1d5ae7045487418297e4475b3a7f6193
SSDEEP: 12288:6Mr3y909qhH1Ws7WwBCPT+JTpLgaJz7Gg9Aie0F2ScZU+OScRjLJC9QRR/sdEOrE:lybhlWwZeGndQJZqRjjR/qLfi
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext