General
Target: 352b401855ff5646b8cb4a1fba0cc94f11364c4b4f95c5f23a3747c6bad5aa4d
Size: 780KB
Sample: 230528-qm24tsff3t
MD5: db0e7ca3276ad43f8844b540f386c04d
SHA1: 3d840542fbf7408a424776bb307dac5a9fd62c96
SHA256: 352b401855ff5646b8cb4a1fba0cc94f11364c4b4f95c5f23a3747c6bad5aa4d
SHA512: f06c6b0135c53b658105a14625e7b6138fce39600a09b99b1a4e3e821758c98b5f7ce415175d3744ae7d2db193988e2e3f083fa92ec74acea7b9173442eb12a4
SSDEEP: 12288:dMrWy90e8Mz7/ZbbX/66GUkCg/gfzZUTcBg7X1fKZ889g93RUbc/O7D16U:TyFjzTZbbfbzzZUTc8Z1r4cZU
Static task: static1
Behavioral task: behavioral1
Sample: 352b401855ff5646b8cb4a1fba0cc94f11364c4b4f95c5f23a3747c6bad5aa4d.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
daswa
83.97.73.127:19062
auth_value: a6ab6b8df5480a0bb295d3c069f67bf8
Extracted: redline
mirko
83.97.73.127:19062
auth_value: 35111a095377107ec8b7d3e035831af8
Targets
Target: 352b401855ff5646b8cb4a1fba0cc94f11364c4b4f95c5f23a3747c6bad5aa4d
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext