General
Target (submitted archive): e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.zip
Size: 639KB
Sample: 230308-pv2btsge32
MD5: 126830259c25e899719aa05c79a8b79e
SHA1: 83d0a78d187b5fab5bc2ca0bff590c9a7d6919b4
SHA256: c98006d1339ffd5cb68898499e2ae59e41626390461680932c58d97f7b4dcd40
SHA512: c516eca943ec532f381b8b8a996d4d8cb48d5730c64db04dc269e2a179752a23fdcc839b6d1b7e006d8695120010edc8f62aae63808ae486098f9b24c43bea80
SSDEEP: 12288:AU7ztsXEq5QoxeUq5d29At+c6y3aubMBQzNl841uHzT9iQGW0C6h8Am:AszcEqGqFqDaAt+cZlhU41uHzTEzW0Nk
The hashes in this section describe the submitted .zip; the executable extracted from it is hashed separately under Targets.
Static task: static1
Behavioral task: behavioral1, sample e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe, resource win7-20230220-en
Behavioral task: behavioral2, sample e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe, resource win10v2004-20230220-en
Malware Config
Extracted: amadey
Version: 3.68
C2: 193.233.20.26/Do3m4Gor/index.php
Extracted: redline
Botnet: fabio
C2: 193.233.20.27:4123
auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
Target: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
Size: 690KB
MD5: 40e79ea104c4a99fd2dc6d3c14555506
SHA1: be5ddb56626b78fa4657f17d0dfa00915c1f5297
SHA256: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485
SHA512: 549bc5c9ef26e5d86e62b26cf17c989913d06b64971b317e347d11551a213a97d57301f57d8521677b86b266a1468ca23467475cc8f1766ddcc6783d0a5d66c0
SSDEEP: 12288:HMrQy90KUaqGgsPPicCpWJec89kRiu93kfPLq/G8s9V28TTsJNRS:Dyf/qGgsPUsI2iuVkriwVJIBS
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
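The extracted configuration and the behavioural signatures above are the indicators a responder would sweep for. The script below is an added example and is not part of the sandbox report: it checks a candidate file against the executable's hashes from the report, sweeps proxy/firewall log lines for the two C2 endpoints, and flags registry writes under a Run key in Sysmon-style lines. Only the hash and C2 values come from the report; the log lines, their field layout (dst=, uri=, EventID=13, TargetObject=) and the value name "updater" are constructed for this example.

```python
"""IOC triage helpers built around the indicators in this report.

Added example, not part of the sandbox output. Hash and C2 values are copied
from the report; SAMPLE_LOG is constructed for illustration only.
"""
import hashlib
import re

# Hashes of the analysed executable (Targets section of the report).
SAMPLE_HASHES = {
    "md5": "40e79ea104c4a99fd2dc6d3c14555506",
    "sha1": "be5ddb56626b78fa4657f17d0dfa00915c1f5297",
    "sha256": "e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485",
}

# C2 indicators from the extracted configs. A field is None when the report
# does not state it: the Amadey entry is a URL without a port, the RedLine
# entry is host:port without a path.
C2_INDICATORS = {
    "amadey": {"host": "193.233.20.26", "port": None, "path": "/Do3m4Gor/index.php"},
    "redline": {"host": "193.233.20.27", "port": 4123, "path": None},
}

# Sysmon event 13 is "RegistryEvent (Value Set)"; the "EventID=13" and
# "TargetObject=" field layout below is an assumption of this example.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)


def file_digests(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data in a single pass."""
    hashers = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {n: h.hexdigest() for n, h in hashers.items()}


def matches_sample(data: bytes) -> bool:
    """True only if every hash listed in the report agrees with data.

    Use this before spending analysis time on a file that claims to be the
    sample: a single mismatching digest means it is not the same bytes.
    """
    digests = file_digests(data)
    return all(digests[k] == v for k, v in SAMPLE_HASHES.items())


def _ip_pattern(ip: str) -> re.Pattern:
    # Boundaries on digits and dots so 193.233.20.2 does not match
    # 193.233.20.26 (and the other way round).
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")


def scan_c2(lines) -> list:
    """Return (family, line) for log lines that reach a C2 from the report."""
    hits = []
    for line in lines:
        for family, ioc in C2_INDICATORS.items():
            if not _ip_pattern(ioc["host"]).search(line):
                continue
            if ioc["port"] is not None and f"{ioc['host']}:{ioc['port']}" not in line:
                continue
            if ioc["path"] is not None and ioc["path"] not in line:
                continue
            hits.append((family, line))
    return hits


def run_key_writes(lines) -> list:
    """Return registry value-set lines whose target sits under Run/RunOnce."""
    return [l for l in lines if "EventID=13" in l and RUN_KEY_RE.search(l)]


# Constructed log lines (not from any real host). Line 3 uses a neighbouring
# address, line 4 hits the Amadey host without the config path.
SAMPLE_LOG = [
    "proxy src=10.0.0.5 dst=193.233.20.26:80 method=POST uri=/Do3m4Gor/index.php",
    "fw src=10.0.0.5 dst=193.233.20.27:4123 proto=tcp action=allow",
    "fw src=10.0.0.5 dst=193.233.20.2:443 proto=tcp action=allow",
    "proxy src=10.0.0.5 dst=193.233.20.26:80 method=GET uri=/",
    r"sysmon EventID=13 TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater Details=C:\Users\user\AppData\Local\Temp\updater.exe",
    r"sysmon EventID=13 TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000001)",
]


if __name__ == "__main__":
    for family, line in scan_c2(SAMPLE_LOG):
        print(f"C2 hit [{family}]: {line}")
    for line in run_key_writes(SAMPLE_LOG):
        print(f"Run key persistence: {line}")
    print("sample hashes match empty input:", matches_sample(b""))
```

Only the first two log lines are reported as C2 hits: the Amadey entry requires the config path as well as the host, so the plain GET to the same address is not counted, and the RedLine entry requires the exact host:port. The registry sweep flags only the write under the Run key, not the unrelated Explorer setting.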