General
- Target: 70bf95ab8e025a9776bca48f47eecd16.exe
- Size: 848KB
- Sample: 230614-hw3gysdh78
- MD5: 70bf95ab8e025a9776bca48f47eecd16
- SHA1: a6f7192b053c50dda3d6d874f61e1e51105a70c4
- SHA256: 558df7f274fd168e6db46ae7f686b6a0a1e6b6220627db79051a1948ec1d84a9
- SHA512: 7fbf9eb9f3467887292a1ee5bf95d09249e3adb5e2505474836300869e1d7510527f015eee9b93b5410d917cc4cf157a28c745a70834be7a53de52870dbd4da4
- SSDEEP: 24576:iytoO5DyPJ283d7QvYh0XakTn5kWbyXcM3/eK37:JtoOH07QvwdcJbo5eK3
Static task: static1
Behavioral task: behavioral1
- Sample: 70bf95ab8e025a9776bca48f47eecd16.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
- rovno
- 83.97.73.130:19061
- auth_value: 88306b072bfae0d9e44ed86a222b439d
Extracted: redline
- maxi
- 83.97.73.130:19061
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: amadey
- 3.83
- 77.91.68.30/music/rock/index.php
Targets
- Target: 70bf95ab8e025a9776bca48f47eecd16.exe
- Size: 848KB
- MD5: 70bf95ab8e025a9776bca48f47eecd16
- SHA1: a6f7192b053c50dda3d6d874f61e1e51105a70c4
- SHA256: 558df7f274fd168e6db46ae7f686b6a0a1e6b6220627db79051a1948ec1d84a9
- SHA512: 7fbf9eb9f3467887292a1ee5bf95d09249e3adb5e2505474836300869e1d7510527f015eee9b93b5410d917cc4cf157a28c745a70834be7a53de52870dbd4da4
- SSDEEP: 24576:iytoO5DyPJ283d7QvYh0XakTn5kWbyXcM3/eK37:JtoOH07QvwdcJbo5eK3
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.