General

Target: b347a0f26d057878a1c24927ced02b30.bin
Size: 529KB
Sample: 230620-b17txaad9v
MD5: b58fcf6af38810ff3d35677426d6234e
SHA1: 5e673160dc2332113619b3d64debeb150238cf50
SHA256: c2743ffc093d1ce9be6231c72a5d03a5029e5a913632e0d0ed032b8db5ce1b0e
SHA512: 18ce336f923575371eec2619882e83de00d9a70877943583e2de4cf6d037d2c36ea86d17989f4b5773b309c29d4b118b582e730bbd5a638e1781b22de6934fef
SSDEEP: 12288:wT5w3OAOZMjLS0tLwsGwn7pk+6PZ7UKq0PLv:d3uZWL3k89F+dUkjv
Static task: static1
Behavioral task: behavioral1
Sample: f029a186250840ab5492c2d8f9fee5197b9919f1111e8d11c4c6c6e8bf7f8206.exe
Resource: win7-20230220-en
Malware Config

Extracted
Family: redline
Botnet: duza
C2: 83.97.73.129:19071
auth_value: 787a4e3bbc78fd525526de1098cb0621

Extracted
Family: amadey
Version: 3.84
C2: 77.91.68.63/doma/net/index.php

Extracted
Family: redline
Botnet: jason
C2: 83.97.73.129:19071
auth_value: 87d1dc01751f148e9bec02edc71c5d94
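The three extracted configs yield two network observables: one RedLine C2 socket shared by both builds (they differ only in botnet name and auth_value) and one Amadey HTTP panel path. The script below is an added example written for this page, not code from the sandbox or from either malware family. It turns those values into IOC matching over log rows. The Zeek-style conn.log and proxy-log row layouts and every log row are constructed for the example; the IPs, port, path and auth_values are the ones the report lists.

```python
"""Added example: turn the extracted RedLine/Amadey configs into network IOCs and scan logs."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Taken verbatim from the extracted configs: both RedLine builds share one C2 socket and
# differ only in botnet name and auth_value; Amadey's config gives an HTTP panel path.
REDLINE_C2 = ("83.97.73.129", 19071)
REDLINE_BOTNETS = {                      # auth_value -> botnet name
    "787a4e3bbc78fd525526de1098cb0621": "duza",
    "87d1dc01751f148e9bec02edc71c5d94": "jason",
}
AMADEY_C2_URL = "77.91.68.63/doma/net/index.php"   # the report gives host/path with no scheme


@dataclass(frozen=True)
class Hit:
    family: str
    source_host: str
    detail: str


def split_host_path(url: str) -> Tuple[str, str]:
    """'77.91.68.63/doma/net/index.php' -> ('77.91.68.63', '/doma/net/index.php')."""
    host, _, path = url.partition("/")
    return host.lower(), "/" + path


def match_conn(line: str) -> Optional[Hit]:
    """Constructed Zeek-style conn.log row (tab-separated): ts uid orig_h orig_p resp_h resp_p proto.
    The RedLine config only gives a socket, so IP and port must both match; the same host
    on another port is not a hit."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    _ts, _uid, orig_h, _orig_p, resp_h, resp_p, proto = fields[:7]
    try:
        ipaddress.ip_address(resp_h)        # drop malformed rows instead of string-comparing junk
        port = int(resp_p)
    except ValueError:
        return None
    if proto.lower() == "tcp" and (resp_h, port) == REDLINE_C2:
        return Hit("redline", orig_h, f"tcp {resp_h}:{port}")
    return None


def match_http(line: str) -> Optional[Hit]:
    """Constructed proxy/http.log row (tab-separated): ts src method host uri status.
    The exact panel path is a hit; other requests to the C2 host are flagged at lower confidence."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    _ts, src, method, host, uri, _status = fields[:6]
    c2_host, c2_path = split_host_path(AMADEY_C2_URL)
    host = host.split(":", 1)[0].lower()   # strip :port, normalise case
    if host != c2_host:
        return None
    if uri.split("?", 1)[0] == c2_path:
        return Hit("amadey", src, f"{method} {host}{uri}")
    return Hit("amadey-host-only", src, f"{method} {host}{uri}")


def botnet_for_auth_value(auth_value: str) -> Optional[str]:
    """auth_value is a property of the sample, not of these logs: use it to cluster samples."""
    return REDLINE_BOTNETS.get(auth_value.lower())


def scan(conn_lines: Iterable[str], http_lines: Iterable[str]) -> List[Hit]:
    hits = [h for h in map(match_conn, conn_lines) if h]
    hits += [h for h in map(match_http, http_lines) if h]
    return hits


# Constructed sample rows (not from the report); the first row of each set is a true positive.
CONN_LOG = [
    "1687230000.1\tCabc1\t10.0.0.15\t49712\t83.97.73.129\t19071\ttcp",
    "1687230001.2\tCabc2\t10.0.0.15\t49713\t93.184.216.34\t443\ttcp",
    "1687230002.3\tCabc3\t10.0.0.22\t53211\t83.97.73.129\t80\ttcp",
    "garbage line",
]
HTTP_LOG = [
    "1687230003.4\t10.0.0.15\tPOST\t77.91.68.63\t/doma/net/index.php\t200",
    "1687230004.5\t10.0.0.15\tGET\t77.91.68.63:80\t/favicon.ico\t404",
    "1687230005.6\t10.0.0.30\tGET\twww.example.com\t/\t200",
]

if __name__ == "__main__":
    for hit in scan(CONN_LOG, HTTP_LOG):
        print(f"{hit.family:<18} {hit.source_host:<12} {hit.detail}")
```

RedLine's C2 channel is not HTTP, so only the socket is matched for it; the Amadey match requires the exact panel path and reports other requests to that host separately so they can be triaged rather than silently dropped. auth_value is kept as a lookup for clustering samples, since it is part of the sample's configuration rather than something these logs would carry.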
Targets

Target: f029a186250840ab5492c2d8f9fee5197b9919f1111e8d11c4c6c6e8bf7f8206.exe
Size: 573KB
MD5: b347a0f26d057878a1c24927ced02b30
SHA1: 293e5184eb24a7dc83468ad14a9449e9ca67122b
SHA256: f029a186250840ab5492c2d8f9fee5197b9919f1111e8d11c4c6c6e8bf7f8206
SHA512: 03cfefb658c0f145a61c99bdeca2602df4527d2a47c885990e83d6848d099503ba7fd354edefe4e5399e09519bb4eebc7428a21d9f82e4eb342763ff7e1c0246
SSDEEP: 12288:dMrOy90cyrwseeuT1W1CvL/7qFwyFPH4/YRsI:vypxreuprLOFwK4/YRr

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: Run-key persistence.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the installed software.
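The registry signatures above are only useful beyond this one sandbox run if the same behaviour can be recognised in other telemetry. The script below is an added example, not sandbox or malware code: it runs three rules (Run-key write, country-code lookup, Uninstall-key enumeration) over a registry API trace of the kind an API monitor or sandbox emits. The trace record layout (pid, API name, key, value name, data) and every record are constructed for the example. The Run and Uninstall key paths are the standard Windows locations; the keys assumed to hold the "country code" (Control Panel\International\Geo\Nation and Geo\Name, plus sCountry and LocaleName one level up) are an assumption, since the report does not say which value the sample read.

```python
"""Added example: flag the report's three registry behaviours in a registry API trace."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Keys are compared after normalisation: upper-case, short hive names, no trailing backslash.
RUN_KEY_RE = re.compile(
    r"^HK(?:CU|LM)\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN(?:ONCE)?$")
UNINSTALL_RE = re.compile(
    r"^HK(?:CU|LM)\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(?:\\([^\\]+))?$")
# Assumption: the report does not name the key behind "country code"; these are the usual
# places Windows keeps it (GeoID / ISO name under Geo, sCountry / LocaleName above it).
GEO_LOOKUPS = {
    ("HKCU\\CONTROL PANEL\\INTERNATIONAL\\GEO", "NATION"),
    ("HKCU\\CONTROL PANEL\\INTERNATIONAL\\GEO", "NAME"),
    ("HKCU\\CONTROL PANEL\\INTERNATIONAL", "SCOUNTRY"),
    ("HKCU\\CONTROL PANEL\\INTERNATIONAL", "LOCALENAME"),
}
USER_HIVE_RE = re.compile(r"^HKU\\S-1-5-21-[0-9-]+\\")

# One trace record: (pid, API name, key, value name or None, data or None).
Record = Tuple[int, str, str, Optional[str], Optional[str]]


@dataclass(frozen=True)
class Finding:
    name: str
    pid: int
    detail: str


def normalise_key(key: str) -> str:
    """Upper-case, shorten hive names and fold HKU\\<user SID>\\ into HKCU so one rule covers both."""
    k = key.strip().rstrip("\\").upper()
    for long, short in (("HKEY_CURRENT_USER", "HKCU"), ("HKEY_LOCAL_MACHINE", "HKLM"), ("HKEY_USERS", "HKU")):
        k = k.replace(long, short)
    return USER_HIVE_RE.sub(lambda _m: "HKCU\\", k)


def detect(trace: Iterable[Record], enum_threshold: int = 3) -> List[Finding]:
    findings: List[Finding] = []
    uninstall_seen = defaultdict(set)        # pid -> Uninstall subkeys it touched
    for pid, api, key, value, data in trace:
        k = normalise_key(key)
        v = (value or "").upper()
        if api.startswith("RegSetValue") and RUN_KEY_RE.match(k):
            findings.append(Finding("run_key_persistence", pid, f"{k}\\{value} = {data}"))
            continue
        if not api.startswith(("RegOpenKey", "RegQueryValue", "RegEnumKey")):
            continue
        if (k, v) in GEO_LOOKUPS:
            findings.append(Finding("geo_lookup", pid, f"{k}\\{value} -> {data}"))
            continue
        m = UNINSTALL_RE.match(k)
        if m and m.group(1):                  # open/query of one Uninstall\<app> subkey
            uninstall_seen[pid].add(m.group(1))
        elif m and api.startswith("RegEnumKey") and data:   # enumerating the parent yields subkey names
            uninstall_seen[pid].add(data.upper())
    for pid, subkeys in uninstall_seen.items():
        if len(subkeys) >= enum_threshold:    # one lookup is normal; walking many entries is enumeration
            findings.append(Finding("installed_software_enum", pid, f"{len(subkeys)} Uninstall entries read"))
    return findings


# Constructed trace (not from the report): pid 2104 does all three things, pid 3320 performs
# a single Uninstall lookup of the kind an updater would, which must stay below the threshold.
UNINST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
TRACE: List[Record] = [
    (2104, "RegOpenKeyExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo", None, None),
    (2104, "RegQueryValueExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation", "244"),
    (2104, "RegOpenKeyExW", UNINST, None, None),
    (2104, "RegEnumKeyExW", UNINST, None, "7-Zip"),
    (2104, "RegQueryValueExW", UNINST + r"\7-Zip", "DisplayName", "7-Zip 22.01"),
    (2104, "RegEnumKeyExW", UNINST, None, "Google Chrome"),
    (2104, "RegEnumKeyExW", UNINST, None, "VLC media player"),
    (2104, "RegSetValueExW", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "updater", r"C:\Users\user\AppData\Roaming\updater.exe"),
    (3320, "RegQueryValueExW",
     r"HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
     "DisplayVersion", "8.5"),
    (3320, "RegQueryValueExW", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "Hidden", "1"),
]

if __name__ == "__main__":
    for f in detect(TRACE):
        print(f"{f.name:<24} pid={f.pid} {f.detail}")
```

Two of the three behaviours are reads, which matters for where this can run: Sysmon records registry key creation/deletion, value writes and renames (event IDs 12, 13 and 14) but not reads, so the Run-key write is visible in Sysmon while the country-code lookup and the Uninstall walk need an API trace, ETW registry events or a sandbox. The enumeration rule requires several distinct Uninstall subkeys from one process because reading a single entry is routine for installers and updaters.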