General
- Target: a76f319ee9bf595c6df3a5aa5b28b7f92208885b16ed7294c21a8625d1bf325c
- Size: 781KB
- Sample: 230528-qla9qaff21
- MD5: 87e618e6ed2168512271b8b762982e9c
- SHA1: d37cbc53aceb33798730f43dcb970e58c2f68c75
- SHA256: a76f319ee9bf595c6df3a5aa5b28b7f92208885b16ed7294c21a8625d1bf325c
- SHA512: 5c8aca7d725e75697bcbb732988ed065830d6512e41ca223aca91a919165cc1665ebfe2673d3a656c4adf391c27d0c2f41becf63d65738318f6e2af42c701c97
- SSDEEP: 24576:xyXW8ffp/SZLqro5S1yX3R1lsdUw6IvDG75ms:km4OLqrYgynPlsD2
Static task
- static1
Behavioral task
- behavioral1
- Sample: a76f319ee9bf595c6df3a5aa5b28b7f92208885b16ed7294c21a8625d1bf325c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- daswa
- 83.97.73.127:19062
- auth_value: a6ab6b8df5480a0bb295d3c069f67bf8
Extracted
- redline
- mirko
- 83.97.73.127:19062
- auth_value: 35111a095377107ec8b7d3e035831af8
Targets
- Target: a76f319ee9bf595c6df3a5aa5b28b7f92208885b16ed7294c21a8625d1bf325c (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext