General
Target: 0277808ce3fdb30ccda7440e322bcb30.bin
Size: 529KB
Sample: 230620-bcmttsac7z
MD5: 23e4a1a0a43787b5cae33571c7dac6b4
SHA1: 2872703d27490da104c3da67ba9d7b8831a79f0f
SHA256: 7e281d7234e08f0f82a0d7c0ad033eb70483154ab244a22aaf2790697ff879c6
SHA512: 845430eef2636c795ccf59403a7f2103df267d77cfc706b6fb18c2143ff3c8884ea34e188ae8979e85d5405f9c92b8a2900726e00d0c12be25e23d891ecd0727
SSDEEP: 12288:h6/8Twb4rVGbJbi/4uuAQGOFcYBbzT06MXyT:u8Twb4rT4PAQGX6bzaCT
Static task: static1
Behavioral task: behavioral1
Sample: 9afd281bb487e496b33b3584195a5d1e29e526f4de466f9ce53f06e55fb4b0ad.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
Botnet: duza
C2: 83.97.73.129:19071
auth_value: 787a4e3bbc78fd525526de1098cb0621
Extracted: amadey
Version: 3.84
C2: 77.91.68.63/doma/net/index.php
Extracted: redline
Botnet: jason
C2: 83.97.73.129:19071
auth_value: 87d1dc01751f148e9bec02edc71c5d94
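The extracted configs give two RedLine builds (duza and jason) that share one C2 host:port and differ only in auth_value, plus an Amadey 3.84 gate URL. The following is an added example (not part of the sandbox report or of either malware family) that turns those indicators into a matcher and runs it over a handful of constructed flow/HTTP log lines; the log format, the IP 142.250.74.78 and the internal 10.0.0.x hosts are assumptions for the demonstration.

```python
"""Match the C2 indicators from the report's "Malware Config" section against
connection/HTTP log lines. Added example; the log lines are constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators copied from the extracted configs above.
REDLINE_C2 = ("83.97.73.129", 19071)
REDLINE_BOTNETS = {  # auth_value -> botnet tag (both builds share one C2)
    "787a4e3bbc78fd525526de1098cb0621": "duza",
    "87d1dc01751f148e9bec02edc71c5d94": "jason",
}
AMADEY_C2_HOST, AMADEY_C2_PATH = "77.91.68.63", "/doma/net/index.php"  # Amadey 3.84 gate


@dataclass(frozen=True)
class Hit:
    family: str   # "redline", "amadey", or "unknown" (host matched, exact tuple did not)
    src: str
    dst: str
    detail: str


# Constructed sample log (not from the sandbox), one flow per line:
# ts src sport dst dport proto [http_host uri]
SAMPLE_LOG = """\
1687250001.1 10.0.0.5 49812 83.97.73.129 19071 tcp
1687250002.4 10.0.0.5 49813 142.250.74.78 443 tcp
1687250003.9 10.0.0.7 49900 77.91.68.63 80 tcp 77.91.68.63 /doma/net/index.php
1687250004.2 10.0.0.7 49901 77.91.68.63 80 tcp 77.91.68.63 /favicon.ico
1687250005.0 10.0.0.9 50010 83.97.73.129 443 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)"
    r"\s+(?P<proto>\S+)(?:\s+(?P<host>\S+)\s+(?P<uri>\S+))?\s*$"
)


def match_iocs(lines: Iterable[str]) -> List[Hit]:
    """Return one Hit per log line that touches a C2 from the config.

    An exact host:port (RedLine) or host+path (Amadey) match is high confidence;
    a bare host match is reported as "unknown" so it gets reviewed rather than
    silently dropped or over-trusted (the host may be shared hosting).
    """
    hits: List[Hit] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or header line
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) == REDLINE_C2:
            hits.append(Hit("redline", m["src"], f"{dst}:{dport}", "C2 host:port from config"))
        elif dst == AMADEY_C2_HOST and m["uri"] == AMADEY_C2_PATH:
            hits.append(Hit("amadey", m["src"], f"{dst}{m['uri']}", "gate URL from config"))
        elif dst in (REDLINE_C2[0], AMADEY_C2_HOST):
            hits.append(Hit("unknown", m["src"], f"{dst}:{dport}", "C2 host, different port/path"))
    return hits


def botnet_for_auth(auth_value: str) -> Optional[str]:
    """Map a RedLine auth_value (case-insensitive) to the botnet tag in the report."""
    return REDLINE_BOTNETS.get(auth_value.strip().lower())


if __name__ == "__main__":
    for h in match_iocs(SAMPLE_LOG.splitlines()):
        print(f"{h.family:8} {h.src} -> {h.dst}  ({h.detail})")
```

Run against the constructed log this reports one RedLine flow, one Amadey gate request and two lower-confidence "unknown" hits (same hosts on a different port or path). Keep the exact tuple as the blocking indicator and treat host-only hits as pivots for investigation, since the IPs may host other content.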
Targets
Target: 9afd281bb487e496b33b3584195a5d1e29e526f4de466f9ce53f06e55fb4b0ad.exe
Size: 573KB
MD5: 0277808ce3fdb30ccda7440e322bcb30
SHA1: 185b2d77b2d04e4cefe7f20c3fa3e125a6e083f5
SHA256: 9afd281bb487e496b33b3584195a5d1e29e526f4de466f9ce53f06e55fb4b0ad
SHA512: 3f616f3050557860bfa3120abffaf840c29863f327a7092e36f427cd42abfd96280d5462dbb0cc673fecb7c459a566e38c6c7ac98114352b1ee6fe6306d96e5b
SSDEEP: 12288:OMrAy90C0i83z6r+fpXaHX3syXs1u4hbDbgBunc5qZ:qyAiixfg38y8fhbABucg
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence so the sample does not run in certain regions.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Persistence through the Windows CurrentVersion\Run registry key, so the payload starts again at logon.
Checks installed software on the system
Enumerates Uninstall key entries in the registry (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
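For the "Adds Run key to start application" and "Executes dropped EXE" behaviours, the host-side check a responder wants is a look at the Run/RunOnce values for images in user-writable or temp locations. The following is an added example (not from the sandbox report and not the sample's own persistence entry) that parses an offline .reg export of the Run key and flags such entries; the export text, the victim user name and the file names in it are constructed for the demonstration.

```python
"""Triage Run-key persistence of the kind the report flags ("Adds Run key to
start application" / "Executes dropped EXE") from an offline .reg export.
Added example; the export text is constructed, not taken from the sample."""
import re
from typing import Dict, List, Tuple

# Constructed export (not from the sample), in the layout produced by
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg
# (reg.exe writes UTF-16LE; decode the file before passing the text in).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Windows Host"="C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe"
"Updater"="\"C:\\ProgramData\\updater\\update.exe\""
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
CMD_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>\S+))')

# Directories a dropped payload typically lives in; paths are compared lower-cased.
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                   "\\programdata\\", "\\users\\public\\", "\\windows\\temp\\")
# Names of core Windows binaries; legitimate copies live under %WINDIR%.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}


def _unescape(s: str) -> str:
    # .reg files escape a quote as \" and a backslash as \\ ; undo both.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse [key] headers and "name"="string" values; hex(...) data is skipped."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km["key"]
            keys[current] = {}
            continue
        vm = VAL_RE.match(line)
        if vm and current is not None:
            data = vm["data"]
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                keys[current][_unescape(vm["name"])] = _unescape(data[1:-1])
    return keys


def image_path(command: str) -> str:
    """Extract the executable from a Run value (quoted or bare path, arguments dropped)."""
    m = CMD_RE.match(command)
    return (m["q"] or m["u"]) if m else command


def suspicious_autoruns(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (value name, image path, reasons) for Run/RunOnce entries worth a look."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            continue
        for name, cmd in values.items():
            path = image_path(cmd)
            low = path.lower()
            reasons = []
            if any(d in low for d in SUSPICIOUS_DIRS):
                reasons.append("user-writable or temp location")
            if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in low:
                reasons.append("Windows binary name outside %WINDIR%")
            if reasons:
                findings.append((name, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for name, path, why in suspicious_autoruns(parse_reg_export(SAMPLE_REG)):
        print(f"{name}: {path}  [{why}]")
```

On the constructed export the OneDrive entry passes, the Temp-resident svchost.exe is flagged on both location and name, and the ProgramData updater is flagged on location. Once a path is flagged, hash the file and compare it with the MD5/SHA256 values listed under Targets above, and check HKLM as well as HKCU since the report does not say which hive the sample wrote to.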