General
Target: 3a3eea6775373450f6db69cfbe116279f354b562a6e716bd8317b7edac59602f
Size: 770KB
Sample: 230528-qzw4caff51
MD5: ad0ed233c628abc9cd291660123e8e1d
SHA1: 5a8455e31c61536d52eb33924402c031ee3f970f
SHA256: 3a3eea6775373450f6db69cfbe116279f354b562a6e716bd8317b7edac59602f
SHA512: c987543b66fa94b0a61446b5f20b52e8a02aeadb371b6cea8bc866b4815715e1142c171828bf991d2ef9fe3efd7eec4409f0feb2aafd2b99bc4f65d0e476bbba
SSDEEP: 24576:nyd/oc8hSAW+L5yxGzjP7rwM2qmSq29U9W/rV0o0:ymcsvFyxoPQM2qmSqjW/
Static task: static1
Behavioral task: behavioral1
Sample: 3a3eea6775373450f6db69cfbe116279f354b562a6e716bd8317b7edac59602f.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mawa
C2: 83.97.73.127:19062
auth_value: c74d280ca4e3a15ff6b2af6fe2eb955b
Extracted
Family: redline
Botnet: mirko
C2: 83.97.73.127:19062
auth_value: 35111a095377107ec8b7d3e035831af8
Targets
Target: 3a3eea6775373450f6db69cfbe116279f354b562a6e716bd8317b7edac59602f (770KB; hashes as listed under General above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext