General
-
Target
0466d210c99780e86dafa41fce52f3ce3341aea93959a9103c3e4e693e02ec84
-
Size
1.2MB
-
Sample
230414-kze7yahc65
-
MD5
29a4c1a7fceca7931322524f22ab2c38
-
SHA1
85b61a4c766050bbf1a2ea17ca5ab4e4cb59eeee
-
SHA256
0466d210c99780e86dafa41fce52f3ce3341aea93959a9103c3e4e693e02ec84
-
SHA512
d8fac48a919b760c764e3b3d31152858651565ff8ebddf2cf63111f6300ce1548320aff4b576e073dc426c0d0c0981beb39dbddc6da36aae2e0c6abfa541cedc
-
SSDEEP
24576:GyxGhPLoN+2YJLsbAEjYJ4d1B9Nmybgyyb3LDXlz:VxiOYJLyAc24d1X8zyebDXl
Static task
static1
Behavioral task
behavioral1
Sample
0466d210c99780e86dafa41fce52f3ce3341aea93959a9103c3e4e693e02ec84.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
-
Botnet
lada
-
C2
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
amadey
-
Version
3.70
-
C2
193.201.9.43/plays/chapter/index.php
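The two extracted configs above are the most actionable part of the report: a RedLine host:port for its raw TCP channel and a scheme-less Amadey HTTP gate URL. The following is an added example (not sandbox output or either family's code) that normalises those values into IOCs, emits Suricata rules for them, and sweeps connection records for contact. Only the C2 values, botnet name and auth_value are taken from the report; the log lines, the rule SIDs and the assumption that the scheme-less Amadey URL is plain HTTP on port 80 are constructed here.

```python
"""Turn the sandbox's extracted RedLine and Amadey configs into network IOCs,
emit Suricata rules for them, and sweep connection logs for contact.
Added example: only the C2 values come from the report; the log lines,
rule SIDs and the plain-HTTP assumption for the schemeless Amadey URL are
constructed/assumed here."""
from urllib.parse import urlsplit

# Copied from the report's "Malware Config" section.
EXTRACTED = {
    "redline": {"botnet": "lada", "c2": "185.161.248.90:4125",
                "auth_value": "0b3678897547fedafe314eda5a2015ba"},
    "amadey": {"version": "3.70",
               "c2": "193.201.9.43/plays/chapter/index.php"},
}


def parse_c2(family, c2):
    """Normalise a C2 string to host/port/path.

    RedLine uses a raw TCP channel, so its config carries host:port with no
    path.  Amadey beacons over HTTP and its config usually carries the URL
    without a scheme.  Both forms, plus a full URL, are handled."""
    if "://" in c2:
        u = urlsplit(c2)
        return {"family": family, "host": u.hostname,
                "port": u.port or (443 if u.scheme == "https" else 80),
                "path": u.path or "/"}
    if "/" in c2:                              # schemeless URL: host[:port]/path
        hostport, _, path = c2.partition("/")
        host, _, port = hostport.partition(":")
        return {"family": family, "host": host,
                "port": int(port) if port else 80,   # assumption: plain HTTP
                "path": "/" + path}
    host, _, port = c2.partition(":")          # bare host:port, raw TCP
    return {"family": family, "host": host, "port": int(port), "path": None}


def iocs(config=EXTRACTED):
    return [parse_c2(fam, v["c2"]) for fam, v in config.items()]


def suricata_rules(ioc_list, base_sid=9000001):
    """One rule per IOC.  SIDs above 1,000,000 are the local range; the
    base value is an arbitrary choice for this example."""
    rules = []
    for i, ioc in enumerate(ioc_list):
        sid = base_sid + i
        if ioc["path"] is None:                # raw TCP C2: match the socket
            rules.append(
                f'alert tcp $HOME_NET any -> {ioc["host"]} {ioc["port"]} '
                f'(msg:"{ioc["family"]} C2 connection"; flow:to_server; '
                f'sid:{sid}; rev:1;)')
        else:                                  # HTTP C2: match host and URI
            rules.append(
                f'alert http $HOME_NET any -> {ioc["host"]} any '
                f'(msg:"{ioc["family"]} C2 HTTP request"; flow:to_server; '
                f'http.uri; content:"{ioc["path"]}"; sid:{sid}; rev:1;)')
    return rules


# Constructed connection records: ts src sport dst dport uri-or-dash.
SAMPLE_LOGS = [
    "2023-04-14T09:01:02Z 10.0.0.5 51234 185.161.248.90 4125 -",
    "2023-04-14T09:01:05Z 10.0.0.5 51240 193.201.9.43 80 /plays/chapter/index.php",
    "2023-04-14T09:02:00Z 10.0.0.7 51300 185.161.248.90 443 -",
    "2023-04-14T09:03:00Z 10.0.0.8 51400 198.51.100.10 443 /",
]


def sweep(lines, ioc_list):
    """Return one hit per (record, IOC) whose destination host matches.
    A matching port/URI as well makes it high confidence; a host-only match
    is still worth a look (different port, or the operator moved the path)."""
    hits = []
    for line in lines:
        ts, src, _sport, dst, dport, uri = line.split()
        for ioc in ioc_list:
            if dst != ioc["host"]:
                continue
            exact = int(dport) == ioc["port"] and (
                ioc["path"] is None or uri.startswith(ioc["path"]))
            hits.append({"ts": ts, "src": src, "family": ioc["family"],
                         "confidence": "high" if exact else "medium"})
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(iocs()):
        print(rule)
    for hit in sweep(SAMPLE_LOGS, iocs()):
        print(hit)
```

The host-only "medium" hit is deliberate: stealer operators rotate ports and gate paths far more often than IP addresses, so a sweep keyed only on the exact socket or URI would miss the third record above.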
Targets
-
Target
0466d210c99780e86dafa41fce52f3ce3341aea93959a9103c3e4e693e02ec84
-
Size
1.2MB
-
MD5
29a4c1a7fceca7931322524f22ab2c38
-
SHA1
85b61a4c766050bbf1a2ea17ca5ab4e4cb59eeee
-
SHA256
0466d210c99780e86dafa41fce52f3ce3341aea93959a9103c3e4e693e02ec84
-
SHA512
d8fac48a919b760c764e3b3d31152858651565ff8ebddf2cf63111f6300ce1548320aff4b576e073dc426c0d0c0981beb39dbddc6da36aae2e0c6abfa541cedc
-
SSDEEP
24576:GyxGhPLoN+2YJLsbAEjYJ4d1B9Nmybgyyb3LDXlz:VxiOYJLyAc24d1X8zyebDXl
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check before the payload runs.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
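The last three signatures (dropped EXE executed, dropped DLL loaded, Run key added) are what the sandbox derived from its own file, process and registry trace. As an added example, not the sandbox's code, the script below re-derives those three findings from host telemetry recorded in Sysmon's field names (Event ID 11 FileCreate, 1 ProcessCreate, 7 ImageLoad, 13 RegistryEvent/ValueSet). The event stream and every path in it are constructed for the example; the Run/RunOnce key pattern and the user-writable directory list are the author's assumptions about what is worth flagging.

```python
"""Re-derive three of the report's behaviour signatures from host telemetry:
'Executes dropped EXE', 'Loads dropped DLL' and 'Adds Run key to start
application'.  Added example, not sandbox code: the events are constructed
in Sysmon's field names (EventID 11 FileCreate, 1 ProcessCreate, 7 ImageLoad,
13 RegistryEvent/ValueSet) and the paths are invented."""
import re

RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

SAMPLE = r"C:\Users\u\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\u\AppData\Local\Temp\dropped.exe"
DROPPED_DLL = r"C:\Users\u\AppData\Local\Temp\helper.dll"

# Constructed event stream (not from the report).
EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": DROPPED_EXE},
    # Benign control: a system component registering a Run value under HKLM.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]


def triage(events):
    """Walk events in order, remembering what the run wrote to disk, and flag
    later execution of, loading of, or persistence pointing at those files."""
    dropped = set()
    findings = []
    for e in events:
        eid = e["EventID"]
        if eid == 11:
            dropped.add(e["TargetFilename"].lower())
        elif eid == 1 and e["Image"].lower() in dropped:
            findings.append(("executes_dropped_exe", e["Image"]))
        elif eid == 7 and e["ImageLoaded"].lower() in dropped:
            findings.append(("loads_dropped_dll", e["ImageLoaded"]))
        elif eid == 13 and RUN_KEY.search(e["TargetObject"]):
            target = e["Details"]
            # Flag Run values that point at something this run dropped, or at
            # any user-writable location; a system binary under HKLM is not flagged.
            if target.lower() in dropped or USER_WRITABLE.search(target):
                findings.append(("run_key_persistence", e["TargetObject"]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(EVENTS):
        print(f"{kind}: {detail}")
```

Ordering matters: the dropped-file set is built as events arrive, so an EXE that runs before any FileCreate for it was seen is treated as pre-existing, which is the same distinction the sandbox draws between the submitted sample and what it writes.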