General
Target: c7a802193a139fc36c5014ccd78dbbb5.bin
Size: 529KB
Sample: 230620-b5fk8aae2v
MD5: f3117dda24a4b1c5f821d7854a76e6ad
SHA1: 46b8c41fb53246cde40f978cb3cd866f484703ab
SHA256: 312c156a9d0336b93d545a209ec831962bbc80d878d754b5be1774403430631e
SHA512: 58be106a400f129a657407a46412f02167d0a973eeb0bb41aaac0d1cecba6549337aa6755744ef34732d7680d9b0512f59a349f8185040590c4ad341504ebf33
SSDEEP: 12288:CXRyO35ulBRi8efZAkVJEiaHCvPAZO5eK/HsooZ0GCEKSH:Q3wlHi8shVJEhaPAZOrHsoc0GHbH
Static task: static1
Behavioral task: behavioral1
Sample: ac733f94761b6c54a238801ce3b36e92eca62d3725e823a9f8ae749c4ab8f3be.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
Botnet: duza
C2: 83.97.73.129:19071
auth_value: 787a4e3bbc78fd525526de1098cb0621
Extracted: amadey
Version: 3.84
C2: 77.91.68.63/doma/net/index.php
Extracted: redline
Botnet: jason
C2: 83.97.73.129:19071
auth_value: 87d1dc01751f148e9bec02edc71c5d94
Both RedLine configurations point at the same C2 endpoint (83.97.73.129:19071) and differ only in botnet tag and auth_value; the Amadey configuration carries a separate HTTP C2. All three are indicators worth blocking and hunting for, not just the file hashes.
Targets
Target: ac733f94761b6c54a238801ce3b36e92eca62d3725e823a9f8ae749c4ab8f3be.exe
Size: 573KB
MD5: c7a802193a139fc36c5014ccd78dbbb5
SHA1: 3759ead469c3302d2d9e80d46523e7a69ca206f3
SHA256: ac733f94761b6c54a238801ce3b36e92eca62d3725e823a9f8ae749c4ab8f3be
SHA512: c0ef2adb77d42dcb3f423276e27d12d5eac3ab31c8255822ba74d37b0a169e1ffd2108fb121a24b4394c12f54eca6b3581334c842ceeaef4a6170287c63af1ba
SSDEEP: 12288:pMrHy90XYs4bxKuW1bo1DR1xdha4BY6o05oM9vc3DwV97mdcEW:qyq8guW1bo3JhaWY6hf9vkwVFIcF
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing (the stealer avoids running in certain regions).
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application: Registry Run-key persistence, so the payload is relaunched at logon.
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.