General
Target: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.zip
Size: 638KB
Sample: 230308-pvz4rsfh5y
MD5: 2710ad6b417303d1c9019f7475c8900a
SHA1: 6ac849816d32a9c806077ae20ab13edd17423949
SHA256: 5ad5cf6876d842ee0910d22e8bd596b05f5e0d84cff3593411f66ee44a8071fb
SHA512: 2875556d723665156fb9e4b2b26249f544dfc9af58275d8ec92539269e208a24ea606825cb1f6f1b9861a376dc6e3215212e53150f27f528f2687e9c00fa1a8a
SSDEEP: 12288:4VSlq2pCZqCW3Jj9ABtWJ3p440O5NaCIwl3glr6VnyHgL7CFdwSME/W7p0AHZP/9:4U82pIlKJjeM240O5NnIwla6g+WMgW7t
Static task: static1
Behavioral task: behavioral1
  Sample: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: amadey
  Version: 3.68
  C2: 193.233.20.26/Do3m4Gor/index.php
Extracted: redline
  Botnet: fabio
  C2: 193.233.20.27:4123
  auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
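The two extracted C2 entries are the most directly usable output of this report. As an added example (not part of the sandbox report), the following Python turns the Amadey and RedLine configuration above into network indicators and runs them over a few constructed log lines. The simplified `timestamp src dst:port proto url` log layout, the sample lines and the benign documentation address 203.0.113.10 are assumptions; the indicator values themselves are copied from the extracted config.

```python
"""Match log lines against the C2 indicators extracted from this sample."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the extracted configuration above.
AMADEY_C2_URL = "http://193.233.20.26/Do3m4Gor/index.php"   # Amadey 3.68 panel
REDLINE_C2_HOST, REDLINE_C2_PORT = "193.233.20.27", 4123     # RedLine botnet "fabio"


@dataclass(frozen=True)
class Indicator:
    family: str
    host: str
    port: int
    path: Optional[str]  # None: any path / non-HTTP connection


def indicators_from_config() -> List[Indicator]:
    """Turn the report's extracted config into matchable network indicators."""
    amadey = urlsplit(AMADEY_C2_URL)
    return [
        Indicator("amadey", amadey.hostname, amadey.port or 80, amadey.path.lower()),
        Indicator("redline", REDLINE_C2_HOST, REDLINE_C2_PORT, None),
    ]


# Assumed, simplified log layout: "<ts> <src_ip> <dst_ip>:<dst_port> <proto> <url|->".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)\s+(?P<url>\S+)$"
)


def match_line(line: str, indicators: List[Indicator]) -> Optional[Tuple[str, str, str]]:
    """Return (timestamp, family, strength) if the line touches a known C2, else None.

    strength is "exact" when host, port and (for HTTP) path all agree with the
    extracted config, and "host-only" when only the address agrees (port or path
    differ), which still deserves a look because panels get re-deployed on other
    ports and paths.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    dst, dport = m["dst"], int(m["dport"])
    url = m["url"]
    path = urlsplit(url).path.lower() if url.lower().startswith("http") else None
    for ind in indicators:
        if ind.host != dst:
            continue
        if ind.port == dport and (ind.path is None or ind.path == path):
            return (m["ts"], ind.family, "exact")
        return (m["ts"], ind.family, "host-only")
    return None


def scan(lines, indicators=None):
    """Run every line through match_line and keep the hits, in log order."""
    indicators = indicators or indicators_from_config()
    return [hit for hit in (match_line(l, indicators) for l in lines) if hit]


# Constructed sample lines (not from the sandbox run); 203.0.113.10 is a
# documentation address standing in for benign traffic.
SAMPLE_LOG = """\
2023-03-08T10:01:12Z 10.0.0.5 193.233.20.26:80 POST http://193.233.20.26/Do3m4Gor/index.php
2023-03-08T10:01:15Z 10.0.0.5 193.233.20.27:4123 TCP -
2023-03-08T10:01:20Z 10.0.0.5 203.0.113.10:443 TCP -
2023-03-08T10:02:03Z 10.0.0.7 193.233.20.26:8080 GET http://193.233.20.26/other/index.php
""".splitlines()

if __name__ == "__main__":
    for ts, family, strength in scan(SAMPLE_LOG):
        print(f"{ts}  {family:8s} {strength}")
```

The RedLine auth_value is deliberately left out of the matcher: it is an identifier carried inside the bot's own protocol, not part of the connection tuple, so it belongs in a payload or memory rule rather than in a flow/proxy-log check.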
Targets
Target: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
Size: 689KB
MD5: 10586811a37e8f473466952597f98301
SHA1: 7e472e3961475061394c7448febd4c77a29de022
SHA256: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4
SHA512: 4ff79ea83f2c8c0a56c17c30fdda7015b40707bbfd7991a2422a9fd4e4bca81121e6313358ccacae75353fd77e3f40494034c92f922e70f8103e09c1be1f8c2e
SSDEEP: 12288:hMrgy90duzjHoqe0pKF5f/GtiCpEmgidIP/CB/efbMdz4v:5yzjG6WdGtiCpEnidIP/CBAbM54v
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
  Persistence through a ...\CurrentVersion\Run registry value.
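"Executes dropped EXE" together with "Adds Run key to start application" is the usual footprint of a dropped payload made persistent, and the first thing to check on a suspect host is the Run/RunOnce values pointing into user-writable directories. The following Python is an added example, not part of the sandbox report and not this sample's own code: it parses a .reg export of the Run keys, pulls the executable out of each command line and flags entries launched from locations a standard user can write to. The .reg content, the value names and the list of user-writable markers are constructed assumptions; the heuristic is generic and says nothing about which value name this particular sample uses.

```python
"""Triage Run/RunOnce autostart entries from a .reg export."""
import re
from typing import Dict, Iterator, List, Optional, Tuple

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" string values; .reg escapes backslash and double quote with a backslash.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Directories a standard user can write to (assumed, heuristic list); an autorun
# that launches from one of these is the usual footprint of a dropped executable.
WRITABLE_MARKERS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\downloads\\",
    "\\programdata\\",
)


def unescape(s: str) -> str:
    """Undo .reg escaping: '\\\\' -> '\\' and '\\"' -> '"' in a single pass."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value_name, data) for each REG_SZ value in a .reg export."""
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, unescape(m["name"]), unescape(m["data"])


def is_run_key(key: str) -> bool:
    k = key.lower()
    return k.endswith("\\currentversion\\run") or k.endswith("\\currentversion\\runonce")


def command_path(cmd: str) -> str:
    """Extract the executable from a command line: the quoted token if present,
    otherwise the first word (unquoted paths with spaces are ambiguous, which is
    itself a well-known hijack vector)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def suspicious_location(path: str) -> Optional[str]:
    """Return the matching writable-directory marker, or None if the path looks benign."""
    p = path.lower().replace("/", "\\")
    return next((m for m in WRITABLE_MARKERS if m in p), None)


def triage_run_keys(reg_text: str) -> List[Dict[str, str]]:
    """Flag Run/RunOnce values whose executable lives in a user-writable directory."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        if not is_run_key(key):
            continue
        path = command_path(data)
        marker = suspicious_location(path)
        if marker:
            findings.append({"key": key, "name": name, "path": path,
                             "reason": f"autorun launched from user-writable path ({marker})"})
    return findings


# Constructed .reg export (not from the sandbox run) with one benign and one
# suspicious entry per hive, plus a non-Run key that must be ignored.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"

[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\Users\\user\\AppData\\Local\\Temp\\unrelated.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="\"C:\\ProgramData\\Installer\\setup.exe\" /silent"
'''

if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG):
        print(f"{f['key']}\\{f['name']}: {f['path']} -> {f['reason']}")
```

On a live host the same input comes from `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (the export is UTF-16 with CRLF line endings, so decode it before passing the text in). A path under AppData\Local that is not Temp, such as the OneDrive entry above, is deliberately not flagged: plenty of legitimate per-user software lives there, and the marker list is where to tune that trade-off.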