General
- Target: 183792ecf2eb81344c03be37091935e5.exe
- Size: 813KB
- Sample: 230614-kr54dsfc9z
- MD5: 183792ecf2eb81344c03be37091935e5
- SHA1: 573df69587760a63e8e8a7b6a26021f66071dc02
- SHA256: b9892a1271e9383be0202403c7c09e6712fc51c28f69385678dd13a2aea823d8
- SHA512: 12e8da95cb65477f3c28fbc9ebcdfd2ded3040f45aa54c3268df144dc1004ea986d36405141c56f9e83d1af01fcf7761b84493d244b94c7d32f500af435d71c0
- SSDEEP: 24576:ayIqN8I8ndfRw7kogn8/yOtqX84g0yhc7qvIl:hIquLndKwog8qOtqTIm7i
Static task
- static1
Behavioral task
- behavioral1
- Sample: 183792ecf2eb81344c03be37091935e5.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: rovno
- C2: 83.97.73.130:19061
- auth_value: 88306b072bfae0d9e44ed86a222b439d
Extracted
- Family: redline
- Botnet: lupa
- C2: 83.97.73.130:19061
- auth_value: 6a764aa41830c77712442516d143bc9c
Extracted
- Family: amadey
- Version: 3.81
- C2: 95.214.27.98/cronus/index.php
Targets
- Target: 183792ecf2eb81344c03be37091935e5.exe
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.