General
-
Target
4de9aaf9e17562aeb7b8766c6609c8840ef2f16670f9870a20e94072d20573b0
-
Size
729KB
-
Sample
230605-s9lrgahd76
-
MD5
cd10fefea5990802898a69d7452967d6
-
SHA1
1ec8e684f08e4716d4a44e511b89e946553ba3f1
-
SHA256
4de9aaf9e17562aeb7b8766c6609c8840ef2f16670f9870a20e94072d20573b0
-
SHA512
35ab78660f862650b8044d193d3392e1a98aecd3debb2bedf33af46c696725cbd1603d59f39e52d6b7feefb0115cf94385b4d13b1b82695f270b1dc99bae55e3
-
SSDEEP
12288:nMr6y90DLLt46TJo334d87JEt8+NLtMr0hD5AeliaHG2iYUAA+o4MLJnGCA:ZyxWpelr0RCYHFiYUUuBGCA
Static task
static1
Behavioral task
behavioral1
Sample
4de9aaf9e17562aeb7b8766c6609c8840ef2f16670f9870a20e94072d20573b0.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19048
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
4de9aaf9e17562aeb7b8766c6609c8840ef2f16670f9870a20e94072d20573b0
-
Size
729KB
-
MD5
cd10fefea5990802898a69d7452967d6
-
SHA1
1ec8e684f08e4716d4a44e511b89e946553ba3f1
-
SHA256
4de9aaf9e17562aeb7b8766c6609c8840ef2f16670f9870a20e94072d20573b0
-
SHA512
35ab78660f862650b8044d193d3392e1a98aecd3debb2bedf33af46c696725cbd1603d59f39e52d6b7feefb0115cf94385b4d13b1b82695f270b1dc99bae55e3
-
SSDEEP
12288:nMr6y90DLLt46TJo334d87JEt8+NLtMr0hD5AeliaHG2iYUAA+o4MLJnGCA:ZyxWpelr0RCYHFiYUUuBGCA
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-