General
- Target: fe339a6ccbe688c65e2298d481eb163b2a3721567d0f76e97bb594ae0461b96b
- Size: 1.1MB
- Sample: 230516-abcf2aag49
- MD5: 8d9f8786aa2c495db5359bb892f5a32a
- SHA1: 662ef743c10a50827923aa013df92ffbbce28373
- SHA256: fe339a6ccbe688c65e2298d481eb163b2a3721567d0f76e97bb594ae0461b96b
- SHA512: 0c4b28aba07b90f04f4ad446b46e62a555f7d0e57623ea0ed705b45f479e709a441c3cf0afa6f6a8bc727bb038a90d251282a8b57a6dbed033eedea5e39d9fa9
- SSDEEP: 24576:+yq/DzcseuAe/MkRLM+JMEvzGopWR6ZGrkW:Nq/DzclejpMTE7GopE6ZT
Static task: static1
Behavioral task: behavioral1
- Sample: fe339a6ccbe688c65e2298d481eb163b2a3721567d0f76e97bb594ae0461b96b.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: fe339a6ccbe688c65e2298d481eb163b2a3721567d0f76e97bb594ae0461b96b.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet: lada
- C2: 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Extracted: amadey
- Version: 3.70
- C2: 193.201.9.43/plays/chapter/index.php
Extracted: redline
- Botnet: maxi
- C2: 185.161.248.90:4125
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: fe339a6ccbe688c65e2298d481eb163b2a3721567d0f76e97bb594ae0461b96b (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application