General
- Target: f2afe3cc110f3d4be27d6926c3c0c7a6.bin
- Size: 540KB
- Sample: 230620-ccec5ahd73
- MD5: 72fa00ed419d689c25b7c6cd28434d82
- SHA1: 53a29058c74e0748dd0a0704d02af8bf97e0e66d
- SHA256: d6110c620d71dc7f1f2c14312e0699992c81bd4a974d2d05a699f3b4ba861056
- SHA512: ae6902d7ae8b3c8aa4a87fff241bc00babec34b0b735eb2249b37484905dbd7253c82458e16e0fd2f461cad1ef0561601b7f5999ebb64e4a9da1b7871992bcd0
- SSDEEP: 12288:8IETNoFnwzie6anLTo3NB/nVSqTIunK+1wSZjPM0C:8BTNoFwOeTvo3//nVSqT3KQI0C

Static task: static1
Behavioral task: behavioral1
- Sample: b78440d7f0883e037a1eb57319c4735e627d0f6e5201200323a69a34cfe83b0d.exe
- Resource: win7-20230220-en

Malware Config
- Extracted: redline, jason, 83.97.73.129:19071, auth_value 87d1dc01751f148e9bec02edc71c5d94
- Extracted: redline, duza, 83.97.73.129:19071, auth_value 787a4e3bbc78fd525526de1098cb0621
- Extracted: amadey, 3.84, 77.91.68.63/doma/net/index.php

Targets
- Target: b78440d7f0883e037a1eb57319c4735e627d0f6e5201200323a69a34cfe83b0d.exe
- Size: 584KB
- MD5: f2afe3cc110f3d4be27d6926c3c0c7a6
- SHA1: ad3e79874a10c789eefe61583bf649e20cc3e1a0
- SHA256: b78440d7f0883e037a1eb57319c4735e627d0f6e5201200323a69a34cfe83b0d
- SHA512: 2331943206aef775074d64e07fe694db9785e95a76b188caebecbeca8f0bc8a51775dbb9bccd9a27dc12ed315880035f6256a765d3dce2ebbec296e5038231f5
- SSDEEP: 12288:YMr6y90kjtTM5L/NLj09ylucac8giIu4MI137Xf2:Sy3CHLjzXj8Ya

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.