General
Target: a9e69c61ca556674ed5b73fd40e425f2ef93d0f201d1e710fb9b8104ae727199.zip
Size: 640KB
Sample: 230308-pv8e5sfh6v
MD5: 855b2bda83d2c4ac8c41fe8a33a42afb
SHA1: 55215b9b331b14e662b133e1892e4956481fc466
SHA256: 7df868b54ba4b1fe76d72e39d4586e7bfacd687956082429ed9bab6c8e8faab3
SHA512: 4f0a052d6fddd8442263a3bdd0074161651281e8030eeebbb702599f220f6d52567a6f4d66517b1a2366b52448cb5b3a340866919c743d21a3bd233ac6db769a
SSDEEP: 12288:V1WFR8sBuE8gXys+/kYUsDvfkZrh3LVA0Pin9zscllisoU8J:GrTBukyfk1sTkZrh3LOwg9Qibod
Static task: static1
Behavioral task: behavioral1
  Sample: a9e69c61ca556674ed5b73fd40e425f2ef93d0f201d1e710fb9b8104ae727199.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: a9e69c61ca556674ed5b73fd40e425f2ef93d0f201d1e710fb9b8104ae727199.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: amadey
  Version: 3.68
  C2: 193.233.20.26/Do3m4Gor/index.php
Extracted: redline
  Botnet: fabio
  C2: 193.233.20.27:4123
  auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
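The two extracted configs above are the most actionable part of the report: an Amadey check-in URL (host plus path, no port) and a RedLine host:port C2. The following is an added example, not part of the sandbox report, showing how to normalise both config styles into IOCs, match them against network logs, and emit Suricata rules from them. The flow-log format, the log lines themselves and the sid range are constructed for the example; the C2 values are the ones listed above.

```python
"""Turn the extracted Amadey/RedLine C2 configuration into IOCs, match them
against a constructed flow log, and emit Suricata rules. Added example; the
log lines and their layout are invented for this demonstration."""
import re
from typing import NamedTuple, Optional

# Config values exactly as listed in the "Malware Config" section above.
EXTRACTED = {
    "amadey": {"version": "3.68", "c2": ["193.233.20.26/Do3m4Gor/index.php"]},
    "redline": {
        "botnet": "fabio",
        "c2": ["193.233.20.27:4123"],
        "auth_value": "56b82736c3f56b13be8e64c87d2cf9e5",
    },
}


class IOC(NamedTuple):
    family: str
    ip: str
    port: Optional[int]   # None when the config gives only a URL (Amadey)
    path: Optional[str]   # None for a bare host:port C2 (RedLine)


def build_iocs(extracted: dict) -> list[IOC]:
    """Normalise the two config styles (scheme-less URL vs. host:port)."""
    iocs = []
    for family, cfg in extracted.items():
        for c2 in cfg["c2"]:
            if "/" in c2:                      # Amadey style: host/path
                host, path = c2.split("/", 1)
                path = "/" + path
            else:                              # RedLine style: host:port
                host, path = c2, None
            ip, _, port = host.partition(":")
            iocs.append(IOC(family, ip, int(port) if port else None, path))
    return iocs


# Constructed flow log, one connection per line:
#   "<ts> <src> -> <dst ip>:<dst port> <proto> [<method> <uri>]"
# This simplified format is invented for the example.
SAMPLE_LOG = """\
2023-03-08T12:00:01Z 10.0.0.5:49321 -> 193.233.20.26:80 http POST /Do3m4Gor/index.php
2023-03-08T12:00:02Z 10.0.0.5:49322 -> 193.233.20.27:4123 tcp
2023-03-08T12:00:03Z 10.0.0.7:49400 -> 93.184.216.34:443 tls
2023-03-08T12:00:04Z 10.0.0.9:49500 -> 193.233.20.27:80 http GET /
2023-03-08T12:00:05Z 10.0.0.9:49501 -> 193.233.20.26:80 http GET /favicon.ico
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dip>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)"
    r"(?: (?P<method>[A-Z]+) (?P<uri>\S+))?$"
)


def match_line(line: str, iocs: list[IOC]):
    """Return (family, confidence) or None for one log line.

    "high": exact C2 (ip+port, or ip+URI path). "medium": traffic to a known
    C2 address on another port/path; worth a look, not a definite beacon.
    """
    m = LINE.match(line)
    if not m:
        return None
    dip, dport, uri = m["dip"], int(m["dport"]), m["uri"]
    weak = None
    for ioc in iocs:
        if ioc.ip != dip:
            continue
        if ioc.path is not None:
            if uri is not None and uri.split("?", 1)[0] == ioc.path:
                return (ioc.family, "high")
        elif ioc.port == dport:
            return (ioc.family, "high")
        weak = (ioc.family, "medium")      # same C2 IP, different port/path
    return weak


def scan(lines, iocs):
    """Return [(line_no, family, confidence), ...] for every matching line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = match_line(line, iocs)
        if verdict:
            hits.append((n, *verdict))
    return hits


def suricata_rules(iocs, base_sid: int = 9000001):
    """One Suricata rule per IOC (sticky-buffer syntax, Suricata 5+)."""
    rules = []
    for i, ioc in enumerate(iocs):
        sid = base_sid + i
        if ioc.path is not None:
            rules.append(
                f'alert http any any -> {ioc.ip} any (msg:"{ioc.family} C2 check-in"; '
                f'flow:established,to_server; http.uri; content:"{ioc.path}"; '
                f'sid:{sid}; rev:1;)'
            )
        else:
            rules.append(
                f'alert tcp any any -> {ioc.ip} {ioc.port} (msg:"{ioc.family} C2 connection"; '
                f'flow:to_server; sid:{sid}; rev:1;)'
            )
    return rules


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED)
    for hit in scan(SAMPLE_LOG.splitlines(), iocs):
        print(hit)
    print("\n".join(suricata_rules(iocs)))
```

The medium-confidence branch is deliberate: the two C2 addresses sit next to each other in the same /24, and stealer infrastructure is often reused across ports and paths, so a hit on the address alone should surface for review rather than be dropped.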
Targets
Target: a9e69c61ca556674ed5b73fd40e425f2ef93d0f201d1e710fb9b8104ae727199.exe
Size: 691KB
MD5: 07be2ad3e9d59c4d1abe879eefa5828a
SHA1: c23109225e824863a198df9f5b5231e93414c266
SHA256: a9e69c61ca556674ed5b73fd40e425f2ef93d0f201d1e710fb9b8104ae727199
SHA512: 5731bf4d5f95e7e0796c6522abd0723adf331cbee22b543a4935fc3c16651b82e8b692692b8159475654aeccff8cdc910d8767bcfc312af89199b0b5359c2a66
SSDEEP: 12288:8Mr8y90LPGazvF3Yores7q1Gw0oE5FwLw2YFKBisGy64rPYSbN15PKcGV6bOd:QysdztIvpCo0iwRDy7gSbNjPnGVzd
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
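The four behavioural signatures above (location lookup, dropped EXE executed, dropped DLL loaded, Run key written) are each a simple pattern over the process, file and registry events of a run. As an added example that is not part of the report, the script below replays those four checks over a Procmon-style CSV trace. The events are constructed for the example; the column layout follows Procmon's "Save as CSV" export, and treating a read of HKCU\Control Panel\International\Geo\Nation (the configured GeoID) as the "location" lookup is this example's assumption, since the page does not name the value the sandbox rule watches.

```python
"""Replay the four behavioural signatures over a Procmon-style event trace.
Added example, not part of the sandbox report: events are constructed, and
the registry value treated as a location lookup is an assumption."""
import csv
import io
import re
from collections import defaultdict

# Assumed "computer location" lookup: the GeoID under
# HKCU\Control Panel\International\Geo (Nation = numeric GeoID, Name = ISO code).
GEO_VALUE = re.compile(r"\\Control Panel\\International\\Geo\\(Nation|Name)$", re.I)
# Autostart locations covered by "Adds Run key to start application".
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)

# Constructed trace in Procmon's CSV column layout. The "\\" escapes become
# single backslashes once Python unescapes the literal. The final explorer.exe
# line is unrelated registry noise included to show it is not flagged.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","1234","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:02.2","sample.exe","1234","CreateFile","C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe","SUCCESS","Desired Access: Generic Write, Read Attributes"
"10:01:02.3","sample.exe","1234","Process Create","C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe","SUCCESS","PID: 1300, Command line: dropped.exe"
"10:01:02.4","dropped.exe","1300","CreateFile","C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll","SUCCESS","Desired Access: Generic Write"
"10:01:02.5","dropped.exe","1300","Load Image","C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll","SUCCESS","Image Base: 0x10000000, Image Size: 0x20000"
"10:01:02.6","dropped.exe","1300","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped","SUCCESS","Type: REG_SZ, Length: 80, Data: C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"
"10:01:02.7","explorer.exe","900","RegQueryValue","HKCU\\Software\\Classes\\Local Settings\\MuiCache","SUCCESS","Type: REG_SZ, Length: 2"
"""

SIGNATURE_ORDER = [
    "Checks computer location settings",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
]


def replay(csv_text: str) -> dict:
    """Map each signature name to the (process, path) events that fired it."""
    dropped = set()                   # files this trace saw being written
    hits = defaultdict(list)
    for ev in csv.DictReader(io.StringIO(csv_text)):
        op, path, detail = ev["Operation"], ev["Path"], ev["Detail"]
        proc = f"{ev['Process Name']}:{ev['PID']}"
        key = path.lower()
        if op == "CreateFile" and "generic write" in detail.lower():
            dropped.add(key)          # remember what the sample wrote to disk
        elif op == "RegQueryValue" and GEO_VALUE.search(path):
            hits["Checks computer location settings"].append((proc, path))
        elif op == "Process Create" and key in dropped:
            hits["Executes dropped EXE"].append((proc, path))
        elif op == "Load Image" and key in dropped:
            hits["Loads dropped DLL"].append((proc, path))
        elif op == "RegSetValue" and RUN_KEY.search(path):
            hits["Adds Run key to start application"].append((proc, path))
    return dict(hits)


def fired(csv_text: str) -> list:
    """Signature names in the order the report lists them."""
    found = replay(csv_text)
    return [name for name in SIGNATURE_ORDER if name in found]


if __name__ == "__main__":
    for name, events in replay(SAMPLE_CSV).items():
        print(name)
        for proc, path in events:
            print(f"  {proc}  {path}")
```

The "dropped" set is what makes the EXE/DLL checks meaningful: a process start or image load only counts when the trace earlier showed the same path being written, which is the distinction between running a dropped payload and loading a system DLL.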