Resubmissions
22-11-2023 01:16
231122-bm924she63 105-06-2023 18:52
230605-xja99sag8x 601-06-2023 19:18
230601-x1b8wsgd5x 1001-06-2023 17:57
230601-wjvhgaff56 1001-06-2023 16:56
230601-vfpx5sfd87 601-06-2023 16:38
230601-t5dqqsfc93 1001-06-2023 16:19
230601-tsv49afc46 1001-06-2023 16:10
230601-tmev3sfc22 10General
-
Target
http://34.101.154.50
-
Sample
230601-x1b8wsgd5x
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://34.101.154.50
Resource
win10v2004-20230220-en
23 signatures
150 seconds
Malware Config
Extracted
Family
redline
Botnet
dix
C2
77.91.124.251:19065
Attributes
-
auth_value
9b544b3d9c88af32e2f5bf8705f9a2fb
Extracted
Family
redline
Botnet
diza
C2
185.161.248.37:4138
Attributes
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
-
Target
http://34.101.154.50
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Suspicious use of SetThreadContext
-