General
Target: 2feacea8014cfa57f7a298a10c8bac74.bin
Size: 539KB
Sample: 230620-bgs7eahc29
MD5: 0ea56f56293f3e23c1e29833eba20ca1
SHA1: 9383d48f369da2f653c25010d0d93db83d211a7c
SHA256: 522eb869f2d5e95fa95009b949b8263a020507199dc487be33429fc0f72d2bd2
SHA512: 32c176c581e7645db459c4bdffd497bc364b1be3c6aff15718f7b7130fc6d4f7d2b362136de65e26b9d7372b38d9c34e8ebc1cabb729459a71cd4b13d74acc46
SSDEEP: 12288:0OR2b2ooBjsKynwnKbxRFAzQHkRf7nJZyFhF2Zrdd57U:0cI2I12UfsQHkRfDJZumZrdX7U
Static task: static1
Behavioral task: behavioral1
Sample: 98e6f328e026d4ae0241c766af9e4cf8cfe4b6d694fe01acde39f175eb973d6a.exe
Resource: win7-20230220-en
Malware Config
Extracted
redline
jason
83.97.73.129:19071
auth_value: 87d1dc01751f148e9bec02edc71c5d94

Extracted
redline
duza
83.97.73.129:19071
auth_value: 787a4e3bbc78fd525526de1098cb0621

Extracted
amadey
3.84
77.91.68.63/doma/net/index.php
Targets
Target: 98e6f328e026d4ae0241c766af9e4cf8cfe4b6d694fe01acde39f175eb973d6a.exe
Size: 583KB
MD5: 2feacea8014cfa57f7a298a10c8bac74
SHA1: b11c5cf834488fe975d243e0bffff3045b335286
SHA256: 98e6f328e026d4ae0241c766af9e4cf8cfe4b6d694fe01acde39f175eb973d6a
SHA512: 91379480094f7f81c8f9fdbb4a9e32985788b0c9e599751124a29fc4c126953d45e2e7af4d1392160aa095fd57bf4248d529a4c79f64a64aef1be0242f12d1aa
SSDEEP: 12288:7MrYy909dvAMaZoJbKH5AIMbkotOAB3XWu1CBqsIvrpqPquyl:HymEZ+bKGdb/J3X7sBqFryquyl
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.