General
Target: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.zip
Size: 638KB
Sample: 230308-qdzmcabf8y
MD5: a856de3f724f111047af0f401f615dbe
SHA1: 0b4563fe2796bfe97169219cd58503dcad28ca1a
SHA256: 3781bb3ea991dc85f9972f46db3b8652961d61ff15ffe535da543a783282171b
SHA512: 58a33e1d21b59920d2e2cdfc486ae646080477879f01bb9ef72425d77aeae5572b1613ce6f3487d09ec0d1211b6fe1dfdafbc5440acddba014774a53d1543c6c
SSDEEP: 12288:8gPRN1owRvimDorXobQgoK7d24sJBaRMu9mDNzIXVp:8gPRsh0Qg/dxsJaduNO
Static task: static1

Behavioral task: behavioral1
Sample: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: amadey
Version: 3.68
C2: 193.233.20.26/Do3m4Gor/index.php

Extracted: redline
Botnet: fabio
C2: 193.233.20.27:4123
auth_value: 56b82736c3f56b13be8e64c87d2cf9e5
Targets

Target: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4.exe
Size: 689KB
MD5: 10586811a37e8f473466952597f98301
SHA1: 7e472e3961475061394c7448febd4c77a29de022
SHA256: 0b857f695ac9881c7e664fd00dffb30381bcd51a2d5a4e8e9877c142aa5774d4
SHA512: 4ff79ea83f2c8c0a56c17c30fdda7015b40707bbfd7991a2422a9fd4e4bca81121e6313358ccacae75353fd77e3f40494034c92f922e70f8103e09c1be1f8c2e
SSDEEP: 12288:hMrgy90duzjHoqe0pKF5f/GtiCpEmgidIP/CB/efbMdz4v:5yzjG6WdGtiCpEnidIP/CBAbM54v
Signatures

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application