General

Target: 27ead757de0b0ca55450c5d8cc53c6fe.exe.bin
Size: 1.5MB
Sample: 230507-aq2pgaeb6w
MD5: 27ead757de0b0ca55450c5d8cc53c6fe
SHA1: bfadc4ff184893938d2a76a69f83f391c778557a
SHA256: 07a482b57b07d95eb183c4637b3b66928b8965727dde9cc1a43a1167166b64d8
SHA512: a60c98193f1c6164337b4da77902fe51c47b333296b0442bc0eaef7785c2a2117c26fa69db5b43aa64651d7927f7d3d52573e504fbaac0e2ed01f085313e68c9
SSDEEP: 24576:ny0vXuziDrn7/nhNyZUQgyhttJxVDlQklm0ooB8dLaDnvsvkZqT4gkOCFIsFS0x0:yaXLLzzyGjyrt7JlLdL8dLaDngSqc6Uk
Static task: static1

Behavioral task: behavioral1
  Sample: 27ead757de0b0ca55450c5d8cc53c6fe.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: 27ead757de0b0ca55450c5d8cc53c6fe.exe
  Resource: win10v2004-20230221-en
Malware Config

Extracted: amadey
  3.70
  212.113.119.255/joomla/index.php

Extracted: redline
  life
  185.161.248.73:4164
  auth_value: 8685d11953530b68ad5ec703809d9f91
Targets

Target: 27ead757de0b0ca55450c5d8cc53c6fe.exe.bin
Size: 1.5MB
MD5: 27ead757de0b0ca55450c5d8cc53c6fe
SHA1: bfadc4ff184893938d2a76a69f83f391c778557a
SHA256: 07a482b57b07d95eb183c4637b3b66928b8965727dde9cc1a43a1167166b64d8
SHA512: a60c98193f1c6164337b4da77902fe51c47b333296b0442bc0eaef7785c2a2117c26fa69db5b43aa64651d7927f7d3d52573e504fbaac0e2ed01f085313e68c9
SSDEEP: 24576:ny0vXuziDrn7/nhNyZUQgyhttJxVDlQklm0ooB8dLaDnvsvkZqT4gkOCFIsFS0x0:yaXLLzzyGjyrt7JlLdL8dLaDngSqc6Uk

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application