General
Target: 32468fd9089a4495ebb693876a44e3b58e97e002c31f4b56d096224df733354f.bin
Size: 1.5MB
Sample: 230507-a64h1aga6z
MD5: 65b13e169f898e5444ecffde1309e249
SHA1: b798e8028534b7c2e75821d142573c97f812dc63
SHA256: 32468fd9089a4495ebb693876a44e3b58e97e002c31f4b56d096224df733354f
SHA512: b983c142cef82bac5f136b299e2f82bf41964f24f3f3bf63ccda41d61421121ecdfbe261dabb735421a02fd1049c382bb355f74cf60026d40a4a174e465e7e0f
SSDEEP: 24576:2y7pxIKmUw/brSmrHnwltG08ut+7ceTyvBgsJVDP+XeRez3Gpngs3kTTI0T:FoKm/Smjn2tVRt+7HUusLDP+XeRez3AQ
Static task: static1
Behavioral task: behavioral1
  Sample: 32468fd9089a4495ebb693876a44e3b58e97e002c31f4b56d096224df733354f.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 32468fd9089a4495ebb693876a44e3b58e97e002c31f4b56d096224df733354f.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: amadey
  Version: 3.70
  C2: 212.113.119.255/joomla/index.php
Extracted: redline
  Botnet: gena
  C2: 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
  Botnet: life
  C2: 185.161.248.73:4164
  auth_value: 8685d11953530b68ad5ec703809d9f91
Targets
Target: 32468fd9089a4495ebb693876a44e3b58e97e002c31f4b56d096224df733354f.bin
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application