General

Target: d1df30c028ebba38b2f3d799169f1908.exe
Size: 848KB
Sample: 230614-cxh7tacf48
MD5: d1df30c028ebba38b2f3d799169f1908
SHA1: ccd153558ed89a2faf0cedc8cff31f9eeb0ee160
SHA256: 0949ad6bf2c4b3bf494f88d16973650573daa32580f34981b44ef461ad08aac0
SHA512: ca14ee2fc773877bf4f39fefdcb3446a402656169487abb8861c0721c1ebd841167fa36669e3253ac3bea52722f21d5267cb9562f69a2cb8876b0636ab342c6c
SSDEEP: 24576:TyGSy0aKDv5mp9FWmKAnrUTKTl+iqaTakexkYe:mG/iRmpWmKAATzP5x
Static task: static1
Behavioral task: behavioral1
Sample: d1df30c028ebba38b2f3d799169f1908.exe
Resource: win7-20230220-en
Malware Config

Extracted: redline
Botnet: rovno
C2: 83.97.73.130:19061
auth_value: 88306b072bfae0d9e44ed86a222b439d

Extracted: redline
Botnet: lupa
C2: 83.97.73.130:19061
auth_value: 6a764aa41830c77712442516d143bc9c

Extracted: amadey
Version: 3.81
C2: 95.214.27.98/cronus/index.php
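The extracted configs above are the part of this report that turns directly into detections: one RedLine C2 shared by the two botnet IDs (raw TCP to 83.97.73.130:19061) and one Amadey panel URL (HTTP to 95.214.27.98/cronus/index.php). The script below is an added example, not part of the sandbox report or of either malware family's code. It builds an indicator set from the values copied from the report, runs it over constructed log lines in a simplified connection/HTTP format (the log format, the 10.0.0.12 client and the example.com line are assumptions), separates exact C2 hits from same-host hits that only merit triage, and verifies a candidate file against the report's hashes.

```python
# Added example (not part of the sandbox report): turn the extracted configs
# above into matchable indicators, then run them over constructed log lines.
import hashlib
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# File hashes and C2 values copied from the report.
FILE_HASHES = {
    "md5": "d1df30c028ebba38b2f3d799169f1908",
    "sha1": "ccd153558ed89a2faf0cedc8cff31f9eeb0ee160",
    "sha256": "0949ad6bf2c4b3bf494f88d16973650573daa32580f34981b44ef461ad08aac0",
}
EXTRACTED_CONFIGS = [
    ("redline", "rovno", "83.97.73.130:19061"),
    ("redline", "lupa", "83.97.73.130:19061"),
    ("amadey", "3.81", "95.214.27.98/cronus/index.php"),
]


@dataclass(frozen=True)
class NetworkIoc:
    family: str
    host: str
    port: int
    path: Optional[str]  # only the Amadey config carries an HTTP path


def parse_c2(family: str, c2: str) -> NetworkIoc:
    """RedLine configs hold host:port (raw TCP); Amadey holds host/path over HTTP."""
    if "/" in c2:
        parts = urlsplit("http://" + c2)
        return NetworkIoc(family, parts.hostname, parts.port or 80, parts.path)
    host, _, port = c2.rpartition(":")
    return NetworkIoc(family, host, int(port), None)


def build_iocs(configs=EXTRACTED_CONFIGS) -> set:
    # Both RedLine botnets share one C2, so the set de-duplicates to two entries.
    return {parse_c2(family, c2) for family, _botnet, c2 in configs}


# Constructed log lines in a simplified "conn"/"http" format (not real traffic).
LOG_LINES = [
    "2023-06-14T02:51:07Z conn 10.0.0.12:49731 -> 83.97.73.130:19061 tcp",
    "2023-06-14T02:51:09Z http 10.0.0.12 GET http://95.214.27.98/cronus/index.php 200",
    "2023-06-14T02:51:12Z http 10.0.0.12 GET http://95.214.27.98/other/ 404",
    "2023-06-14T02:52:00Z conn 10.0.0.12:49740 -> 83.97.73.130:443 tcp",
    "2023-06-14T02:53:00Z http 10.0.0.12 GET http://example.com/ 200",
]
CONN_RE = re.compile(r" conn \S+ -> (?P<host>[\d.]+):(?P<port>\d+) ")
HTTP_RE = re.compile(r" http \S+ \S+ (?P<url>\S+) ")


def match_line(line: str, iocs) -> list:
    """Return (family, confidence) hits: 'c2' for an exact match, 'host' for the
    same host on another port/path (worth triage, not an automatic verdict)."""
    hits = []
    m = CONN_RE.search(line)
    if m:
        host, port, url_path = m["host"], int(m["port"]), None
    else:
        m = HTTP_RE.search(line)
        if not m:
            return hits
        parts = urlsplit(m["url"])
        host, port, url_path = parts.hostname, parts.port or 80, parts.path
    for ioc in iocs:
        if ioc.host != host:
            continue
        exact = ioc.port == port and (ioc.path is None or ioc.path == url_path)
        hits.append((ioc.family, "c2" if exact else "host"))
    return hits


def scan(lines=LOG_LINES, iocs=None) -> list:
    """All lines with at least one hit, paired with their hits."""
    iocs = iocs if iocs is not None else build_iocs()
    return [(line, hits) for line in lines if (hits := match_line(line, iocs))]


def verify_sample(data: bytes) -> bool:
    """True only if every hash of `data` matches the report's hashes."""
    return all(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in FILE_HASHES.items())


if __name__ == "__main__":
    for line, hits in scan():
        print(hits, line)
```

Running the block prints four flagged lines: the two exact C2 contacts, the same-host request to a different Amadey path, and the RedLine host on port 443. The last two are deliberately reported as `host` rather than `c2`, since a shared hosting address on an unrelated port is a reason to pull the full session, not a verdict on its own.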
Targets
Target: d1df30c028ebba38b2f3d799169f1908.exe
Size: 848KB
MD5: d1df30c028ebba38b2f3d799169f1908
SHA1: ccd153558ed89a2faf0cedc8cff31f9eeb0ee160
SHA256: 0949ad6bf2c4b3bf494f88d16973650573daa32580f34981b44ef461ad08aac0
SHA512: ca14ee2fc773877bf4f39fefdcb3446a402656169487abb8861c0721c1ebd841167fa36669e3253ac3bea52722f21d5267cb9562f69a2cb8876b0636ab342c6c
SSDEEP: 24576:TyGSy0aKDv5mp9FWmKAnrUTKTl+iqaTakexkYe:mG/iRmpWmKAATzP5x
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
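Three of the signatures above are registry behaviour, and a practitioner usually wants to reproduce them against their own telemetry rather than trust the sandbox label. The script below is an added example, not code from the report or the sandbox vendor: it classifies constructed API-trace lines into the report's signature names. The registry paths it keys on are assumptions about what each signature means (the GeoID under HKCU\Control Panel\International\Geo\Nation for the location check, the CurrentVersion\Run key for persistence, the CurrentVersion\Uninstall key for software enumeration), and the trace lines, PIDs and value names are constructed. Note the deliberate distinction between setting a Run value (persistence) and merely reading one, which the patterns keep apart.

```python
# Added example (not from the report or the sandbox vendor): classify
# constructed API-trace lines into the report's behavioral signatures.
import re
from collections import Counter

# Registry paths assumed for each signature (assumptions, not from the report):
#  - country code: HKCU\Control Panel\International\Geo\Nation (the GeoID read
#    by GetUserGeoID), the usual source for a geofence check
#  - persistence:  ...\Software\Microsoft\Windows\CurrentVersion\Run
#  - installed software: ...\Software\Microsoft\Windows\CurrentVersion\Uninstall
SIGNATURES = [
    ("Checks computer location settings",
     r"RegQueryValue\w* .*\\Control Panel\\International\\Geo\\Nation$"),
    ("Adds Run key to start application",
     r"RegSetValue\w* .*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"),
    ("Checks installed software on the system",
     r"Reg(?:OpenKey|EnumKey|QueryValue)\w* .*\\CurrentVersion\\Uninstall(?:\\|$)"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in SIGNATURES]

# Constructed trace: "pid api path" lines in the style of a sandbox API log.
TRACE = [
    r"1204 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation",
    r"1204 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"1204 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"2310 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
    r"2310 RegQueryValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
    r"2310 CreateFileW C:\Users\Public\tmp.exe",
]


def classify(line: str) -> list:
    """Names of every signature whose pattern matches one trace line."""
    return [name for name, rx in COMPILED if rx.search(line)]


def summarize(trace=TRACE) -> dict:
    """Per-PID signature hits (count of matching lines), keyed by PID string."""
    summary = {}
    for line in trace:
        pid, _, _ = line.partition(" ")
        for name in classify(line):
            summary.setdefault(pid, Counter())[name] += 1
    return summary


if __name__ == "__main__":
    for pid, hits in summarize().items():
        print(pid, dict(hits))
```

On the constructed trace, PID 1204 triggers the location check once and the installed-software check twice (open plus enumerate), while PID 2310 triggers only the Run-key signature; its later read of the same Run value and the file create are left unclassified.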