General
Target: dccc82dee0bc433939c5d67ead0633b2f6ccfeebc45d32bd8f53290bf1f79cdc
Size: 490KB
Sample: 230507-lwanqaec45
MD5: befdf95edadf5363b1522fcf05efaf7b
SHA1: 91b8a0db32fa3701f1e7f831e375d9fa61cec2b7
SHA256: dccc82dee0bc433939c5d67ead0633b2f6ccfeebc45d32bd8f53290bf1f79cdc
SHA512: 4bc79fa0c933516e1313dec348ff13027e507a10e588b37a33a78626f0d78f833ae9e7392b9291357418da06110c8da46139bf06173776d67a0ec3729240cde5
SSDEEP: 12288:4Mr8y90R21iEIbQxO9v2wDexLYnekoWy4AHZ/qM1+mm8k:0yDiEaP2gNek+HZx+mq
Static task: static1
Behavioral task: behavioral1
Sample: dccc82dee0bc433939c5d67ead0633b2f6ccfeebc45d32bd8f53290bf1f79cdc.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
lada
217.196.96.101:4132
auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: amadey
3.70
212.113.119.255/joomla/index.php
Targets
Target: dccc82dee0bc433939c5d67ead0633b2f6ccfeebc45d32bd8f53290bf1f79cdc
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.