General

Target: fcdf7b95dcfc0a6a29fb1487268bc8dc583b11ad1c86335fb9bf3b4f77d96648
Size: 736KB
Sample: 230605-ts3jbshe93
MD5: 4f2f1e7ed4a33dcedfb92e2055317999
SHA1: 28794e993d519421316c66862585f9f1e756aa9d
SHA256: fcdf7b95dcfc0a6a29fb1487268bc8dc583b11ad1c86335fb9bf3b4f77d96648
SHA512: 2f4f2924e3e042daf8ca7a3675046992b2b652ab1b73fc44798d6390325f706d1a424739d0e46b02a609572111a772b0e02b3a66367e0e98c776b6b96246bc19
SSDEEP: 12288:rMrSy90POy0N/BOrIRsMLTgtxTPm/7RGAOQeWaBzMvF0UnEjhKe1+cVgZ:VyoCFBOPG0XTOzRJOfds0UEjYe1VW
Static task: static1
Behavioral task: behavioral1
Sample: fcdf7b95dcfc0a6a29fb1487268bc8dc583b11ad1c86335fb9bf3b4f77d96648.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
Botnet: maxi
C2: 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a

Extracted: redline
Botnet: metro
C2: 83.97.73.126:19048
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a

Both configurations point at the same C2 host and port; only the botnet name and auth_value differ, so the two are distinct campaign identifiers for one operator infrastructure.
Targets

Target: fcdf7b95dcfc0a6a29fb1487268bc8dc583b11ad1c86335fb9bf3b4f77d96648
Size: 736KB
MD5: 4f2f1e7ed4a33dcedfb92e2055317999
SHA1: 28794e993d519421316c66862585f9f1e756aa9d
SHA256: fcdf7b95dcfc0a6a29fb1487268bc8dc583b11ad1c86335fb9bf3b4f77d96648
SHA512: 2f4f2924e3e042daf8ca7a3675046992b2b652ab1b73fc44798d6390325f706d1a424739d0e46b02a609572111a772b0e02b3a66367e0e98c776b6b96246bc19
SSDEEP: 12288:rMrSy90POy0N/BOrIRsMLTgtxTPm/7RGAOQeWaBzMvF0UnEjhKe1+cVgZ:VyoCFBOPG0XTOzRJOfds0UEjYe1VW
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check before the payload runs.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
Run-key persistence: the dropped executable is re-launched at every user logon.

Suspicious use of SetThreadContext
Setting the thread context of another process's suspended thread is the usual final step of process hollowing, redirecting execution into injected code.
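The extracted config, the file hashes and the behavioral signatures above are only useful once they are turned into something that can be checked against other samples and telemetry. The following is an added example, not part of the sandbox report and not the sandbox's own code: it copies the report's indicators into Python, shows how ssdeep block size limits which fuzzy hashes are even comparable, and runs the indicators over constructed telemetry events. The registry key fragments (the Run key and the Control Panel geo key) are assumptions about which keys the report's "Adds Run key" and "Checks computer location settings" signatures fire on; the event format and the event list are constructed for the example.

```python
"""Turn the sandbox report's RedLine config, hashes and signatures into
checkable indicators and run them over constructed telemetry.

Added example; not the sandbox's code. Registry fragments are assumptions
about what the report's persistence and geofence signatures correspond to."""
import hashlib

# Indicator values copied from the report.
REDLINE_C2 = ("83.97.73.126", 19048)
REDLINE_AUTH_VALUES = {
    "maxi": "6a3f22e5f4209b056a3fd330dc71956a",
    "metro": "f7fd4aa816bdbaad933b45b51d9b6b1a",
}
SAMPLE_HASHES = {
    "md5": "4f2f1e7ed4a33dcedfb92e2055317999",
    "sha1": "28794e993d519421316c66862585f9f1e756aa9d",
    "sha256": "fcdf7b95dcfc0a6a29fb1487268bc8dc583b11ad1c86335fb9bf3b4f77d96648",
}
SAMPLE_SSDEEP = ("12288:rMrSy90POy0N/BOrIRsMLTgtxTPm/7RGAOQeWaBzMvF0UnEjhKe1+cVgZ"
                 ":VyoCFBOPG0XTOzRJOfds0UEjYe1VW")

# Assumed (lower-cased) registry fragments behind the report's
# "Adds Run key" and "Checks computer location settings" signatures.
RUN_KEY_FRAGMENT = r"\software\microsoft\windows\currentversion\run"
GEO_KEY_FRAGMENT = r"\control panel\international\geo"


def hash_bytes(data):
    """Compute the three digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data):
    """True only if every listed digest matches; comparing all three means a
    single MD5 collision cannot produce a false match."""
    return hash_bytes(data) == SAMPLE_HASHES


def parse_ssdeep(sig):
    """Split 'blocksize:chunk:double_chunk'. The block size decides comparability:
    ssdeep only scores two signatures whose block sizes are equal or differ by 2x."""
    blocksize, chunk, double_chunk = sig.split(":", 2)
    return int(blocksize), chunk, double_chunk


def ssdeep_comparable(sig_a, sig_b):
    """Cheap pre-filter before a real ssdeep compare: skip incomparable pairs."""
    a = parse_ssdeep(sig_a)[0]
    b = parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


def classify_event(event):
    """Map one telemetry event to a report signature name, or None."""
    kind = event["type"]
    if kind == "connect" and (event["dst"], event["port"]) == REDLINE_C2:
        return "redline_c2"
    if kind == "regset" and RUN_KEY_FRAGMENT in event["key"].lower():
        return "run_key_persistence"
    if kind == "regread" and GEO_KEY_FRAGMENT in event["key"].lower():
        return "geofence_check"
    if kind == "process" and event.get("parent_sha256") == SAMPLE_HASHES["sha256"]:
        return "dropped_exe_child"
    return None


def scan(events):
    """Return (signature, event) pairs for every event that matched."""
    hits = []
    for ev in events:
        label = classify_event(ev)
        if label:
            hits.append((label, ev))
    return hits


def redline_botnet_for(auth_value):
    """Map an auth_value observed on the wire back to the botnet name in the report."""
    for name, value in REDLINE_AUTH_VALUES.items():
        if value == auth_value:
            return name
    return None


# Constructed telemetry for the example, not captured from the sandbox run.
CONSTRUCTED_EVENTS = [
    {"type": "regread", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "regset", "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater"},
    {"type": "connect", "dst": "83.97.73.126", "port": 19048},
    {"type": "connect", "dst": "83.97.73.126", "port": 443},
    {"type": "process", "image": "child.exe", "parent_sha256": SAMPLE_HASHES["sha256"]},
]

if __name__ == "__main__":
    for label, ev in scan(CONSTRUCTED_EVENTS):
        print(label, ev)
```

The connect on port 443 to the same host deliberately does not match: the report only attributes 19048 to RedLine, and widening the match to the whole IP is a decision to make knowingly, not by accident. The `is_reported_sample` check requires all three digests to agree, so a file that only shares the MD5 is still treated as a different file.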