General
- Target: 70f77860bc0579f19c665dac6107b6bbe608d8971a6d49a6771b68a5b72bbbc1
- Size: 781KB
- Sample: 230528-qt2fwafb86
- MD5: ca34d761d96f3c29448a50a72a7b46bb
- SHA1: 1ee74fa6e481d740fe4055c33f4da5b2f207c91b
- SHA256: 70f77860bc0579f19c665dac6107b6bbe608d8971a6d49a6771b68a5b72bbbc1
- SHA512: 48a2726c15f8a4697f945c1582ae80d4d406a6dd6faeefcab066de450f0fa7d2eda21231bc006aaf2890d71c7da5eba5675f496f926b1dffe53118022e17648b
- SSDEEP: 24576:Syq0UI+zOlDyyZ3P66JIVyXG46NR1bk4qGG511J:5q0/+BIxIkXvOR1bkD3
Static task: static1
Behavioral task: behavioral1
- Sample: 70f77860bc0579f19c665dac6107b6bbe608d8971a6d49a6771b68a5b72bbbc1.exe
- Resource: win10v2004-20230221-en
Malware Config
- Extracted: redline / daswa / 83.97.73.127:19062 / auth_value: a6ab6b8df5480a0bb295d3c069f67bf8
- Extracted: redline / mirko / 83.97.73.127:19062 / auth_value: 35111a095377107ec8b7d3e035831af8
Targets
- Target: 70f77860bc0579f19c665dac6107b6bbe608d8971a6d49a6771b68a5b72bbbc1 (781KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext