General
-
Target
7e526a7cc0a3a95907c7909bc09b90a8ab0a60332842d4fc450a26f8a12645ed
-
Size
736KB
-
Sample
230616-ln9svadh9w
-
MD5
0c59eca20ada9e65ac147553bfa2412c
-
SHA1
702cf92ff8e6f774a459e782494153c7795f8831
-
SHA256
7e526a7cc0a3a95907c7909bc09b90a8ab0a60332842d4fc450a26f8a12645ed
-
SHA512
336f54a1f22a46e24e9450d29ba24331faf69509e763145da5f632342245c52a23b68138901aee5d435529e72c985d5e37395bfbda8d36786168e98856247fc0
-
SSDEEP
12288:fMrty905jkeWyjkjF6BYMTPOnvruTovBZMnk0QVpk1rKb8qeJ1SBM5kMjN03Ml1l:WywwMgk0vrJvDMRWpk1i8q+1AFMJ0MIS
Static task
static1
Malware Config
Extracted
Family
redline
Botnet
dana
C2
83.97.73.130:19061
-
auth_value
da2d1691db653e49676d799e1eae2673
Extracted
Family
amadey
Version
3.84
C2
77.91.68.63/doma/net/index.php
Extracted
Family
redline
Botnet
joker
C2
83.97.73.130:19061
-
auth_value
a98d303cc28bb3b32a23c59214ae3bc0
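The extracted configuration gives two RedLine botnets ("dana" and "joker") sharing one C2 socket, plus one Amadey C2 URL. The block below is an added example, not part of the sandbox report: it normalises those values into network indicators and sweeps two constructed log excerpts for them. Only the C2 values, botnet names and version come from the report; the log lines are made up, and the http:// scheme on the Amadey URL is an assumption because the report lists it without one.

```python
"""Turn the extracted RedLine/Amadey configuration into network IOCs and sweep
log lines for them. Added example: the C2 values are copied from the report,
the log excerpts are constructed."""
import re
from urllib.parse import urlsplit

# Copied from the report's "Malware Config" section.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "dana", "c2": "83.97.73.130:19061",
     "auth_value": "da2d1691db653e49676d799e1eae2673"},
    {"family": "amadey", "version": "3.84", "c2": "77.91.68.63/doma/net/index.php"},
    {"family": "redline", "botnet": "joker", "c2": "83.97.73.130:19061",
     "auth_value": "a98d303cc28bb3b32a23c59214ae3bc0"},
]

SOCKET_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}")


def build_iocs(configs):
    """Normalise every C2 to ("socket", "ip:port") or ("url", "host/path") and
    record which family/botnet uses it, so a C2 shared by several configs
    (both RedLine botnets here) is reported with all of its labels."""
    iocs = {}
    for cfg in configs:
        c2 = cfg["c2"]
        if SOCKET_RE.fullmatch(c2):
            key = ("socket", c2)
        else:
            # Assumption: the report gives the Amadey C2 without a scheme;
            # http:// is prepended only so urlsplit can separate host and path.
            parts = urlsplit("http://" + c2)
            key = ("url", parts.netloc + parts.path)
        label = f'{cfg["family"]}/{cfg.get("botnet") or cfg.get("version")}'
        iocs.setdefault(key, []).append(label)
    return iocs


# Constructed log excerpts (not from the report). Zeek conn.log columns used:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
CONN_LOG = """\
1686922800.10\t10.0.0.15\t49812\t83.97.73.130\t19061\ttcp
1686922801.55\t10.0.0.15\t49813\t203.0.113.5\t443\ttcp
1686922805.00\t10.0.0.22\t51022\t83.97.73.130\t443\ttcp
"""
# Proxy access log: ts, client, method, host, path, status.
PROXY_LOG = """\
1686922810.00 10.0.0.15 POST 77.91.68.63 /doma/net/index.php 200
1686922811.00 10.0.0.15 GET 77.91.68.63 /favicon.ico 404
1686922812.00 10.0.0.30 POST 77.91.68.63 /doma/net/index.php 200
"""


def sweep_conn_log(text, iocs):
    """Match destination ip:port only. Matching on the bare IP would also catch
    the 443 flow to the same host, which may be unrelated shared hosting."""
    hits = []
    for line in text.splitlines():
        _ts, src, _sport, dst, dport, _proto = line.split("\t")
        key = ("socket", f"{dst}:{dport}")
        if key in iocs:
            hits.append((src, key[1], iocs[key]))
    return hits


def sweep_proxy_log(text, iocs):
    """Match host+path so unrelated requests to the C2 host are not hits."""
    hits = []
    for line in text.splitlines():
        _ts, src, _method, host, path, _status = line.split()
        key = ("url", host + path)
        if key in iocs:
            hits.append((src, key[1], iocs[key]))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIGS)
    for hit in sweep_conn_log(CONN_LOG, iocs) + sweep_proxy_log(PROXY_LOG, iocs):
        print(hit)
```

The socket match is deliberately port-specific and the URL match deliberately path-specific: the same IP on 443 or a different path on the Amadey host may be noise, and a hunt that needs broader coverage can add a second, lower-confidence pass on the bare IP.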
Targets
-
Target
7e526a7cc0a3a95907c7909bc09b90a8ab0a60332842d4fc450a26f8a12645ed
(size and hashes as listed under General)
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry; most likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
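The signatures above are individually weak: any desktop process reads the machine's locale and walks the Uninstall tree. What makes them meaningful here is that they come from a binary the sample itself dropped and executed, and that the same binary writes a Run key. The block below is an added example, not part of the sandbox or the report, that correlates those signatures over a constructed Procmon-style trace. The registry paths it matches (Run/RunOnce for "Adds Run key", the CurrentVersion\Uninstall tree for "Checks installed software", HKCU\Control Panel\International\Geo\Nation for "Checks computer location settings") are my assumptions about what the signatures look at; the report names no keys, and the process and file names in the trace are made up.

```python
"""Correlate the report's behavioural signatures over a host trace. Added
example; the trace is constructed and the registry paths are assumptions
(the report names no keys)."""
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style trace: seq, process, pid, operation, path, result.
SAMPLE_TRACE = r"""seq,process,pid,operation,path,result
1,sample.exe,4120,WriteFile,C:\Users\u\AppData\Local\Temp\dropped.exe,SUCCESS
2,sample.exe,4120,Process Create,C:\Users\u\AppData\Local\Temp\dropped.exe,SUCCESS
3,dropped.exe,4188,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
4,dropped.exe,4188,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
5,dropped.exe,4188,RegSetValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS
6,explorer.exe,1234,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
7,explorer.exe,1234,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
"""

# One predicate per report signature; each takes (operation, path).
# Assumed keys: Run/RunOnce for "Adds Run key", the Uninstall tree for
# "Checks installed software", Geo\Nation for "Checks computer location".
RULES = {
    "adds_run_key": lambda op, path: op == "RegSetValue"
        and re.search(r"\\CurrentVersion\\Run(Once)?\\", path, re.I) is not None,
    "checks_installed_software": lambda op, path:
        op in ("RegOpenKey", "RegEnumKey", "RegQueryValue")
        and re.search(r"\\CurrentVersion\\Uninstall(\\|$)", path, re.I) is not None,
    "checks_location": lambda op, path: op == "RegQueryValue"
        and path.lower().endswith(r"\geo\nation"),
}


def analyse(trace_csv):
    """Return per-process findings: which signatures fired and whether the
    process image was written earlier in the same trace ("Executes dropped EXE").
    Processes are keyed by image name for brevity; a real trace should key by PID."""
    written = set()
    procs = defaultdict(lambda: {"dropped": False, "signatures": set()})
    for row in csv.DictReader(io.StringIO(trace_csv)):
        op, path = row["operation"], row["path"]
        if op == "WriteFile":
            written.add(path.lower())
        elif op == "Process Create" and path.lower() in written:
            procs[path.rsplit("\\", 1)[-1]]["dropped"] = True
        for name, pred in RULES.items():
            if pred(op, path):
                procs[row["process"]]["signatures"].add(name)
    return dict(procs)


def verdict(procs):
    """Flag a dropped binary that installs Run-key persistence or trips at
    least two profiling signatures. A desktop process reading the locale and
    walking Uninstall (explorer.exe in the trace) is normal and is not flagged."""
    flagged = {}
    for name, info in procs.items():
        sigs = info["signatures"]
        if info["dropped"] and ("adds_run_key" in sigs or len(sigs) >= 2):
            flagged[name] = sorted(sigs)
    return flagged


if __name__ == "__main__":
    print(verdict(analyse(SAMPLE_TRACE)))
```

Running it flags only dropped.exe, with all three signatures, while explorer.exe trips two of the same registry rules and is ignored because nothing in the trace wrote its image. The "dropped" lineage is the piece a registry-only rule set lacks; keying it by PID rather than image name is the first change to make before running this on real telemetry.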