General
Target: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.zip
Size: 639KB
Sample: 230308-qd1jmscf56
MD5: 5c23262333c59462d57e702d85bd7604
SHA1: 7b02d11e48c2a0feaccc1892efb2498ea95ab1e2
SHA256: 9f9daefe31f067accffd01772cdeeba82e645e73ac2b06ecab9996a888f2478e
SHA512: b959778f50cdc00e122c1b7ad5810339f624e0f987d027d0269c11deceb6ad572a5ff7410a2679e4396ea84a160c04eb2bcc733a842dc55d576715bf9dc61cc7
SSDEEP: 12288:mIvm0WZ4vdOXMHDM+oupF4cDwstyh0eFpkzVf8YesLWqE:mSm0Wuv9wJ6FdDwyy/bIJHebqE
Static task: static1
Behavioral task: behavioral1
Sample: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
amadey
3.68
193.233.20.26/Do3m4Gor/index.php
Extracted
redline
fabio
193.233.20.27:4123
auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets
Target: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485.exe
Size: 690KB
MD5: 40e79ea104c4a99fd2dc6d3c14555506
SHA1: be5ddb56626b78fa4657f17d0dfa00915c1f5297
SHA256: e0655ce959cf315b005873a9716ec993c0d45805a439793fe2beec0763f15485
SHA512: 549bc5c9ef26e5d86e62b26cf17c989913d06b64971b317e347d11551a213a97d57301f57d8521677b86b266a1468ca23467475cc8f1766ddcc6783d0a5d66c0
SSDEEP: 12288:HMrQy90KUaqGgsPPicCpWJec89kRiu93kfPLq/G8s9V28TTsJNRS:Dyf/qGgsPUsI2iuVkriwVJIBS
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application