General

- Target: 8e290cf9f4d7a2f0e5d8e65b53b6bc91b26f1636c92ddecb61f9f585e6320247
- Size: 800KB
- Sample: 230616-m2rpvsec6t
- MD5: 148cd2ff2f93e3ffa793ac9f31a71569
- SHA1: 5b78279fda3e5768194f3f5cb0a38a0ca2ee32e2
- SHA256: 8e290cf9f4d7a2f0e5d8e65b53b6bc91b26f1636c92ddecb61f9f585e6320247
- SHA512: 0eda07be81bfe92078d9f7e56fee56e64c516557e030888ffae0b5a0dd9a7e4b13b2dcb01a04d3aa6ac5196c3c5ec15c204cd772a4fd0b838009b7b2aa88a4ac
- SSDEEP: 12288:vMrmy907hklnfZk0+tcmhDV1ggNIuUrKgIhBs15+uEQcIyT4iHFM:NyJ1mhD/gAIrchBs7BE9IyM
Static task: static1

Malware Config

Extracted: redline
- joker
- 83.97.73.130:19061
- auth_value: a98d303cc28bb3b32a23c59214ae3bc0

Extracted: redline
- mana
- 83.97.73.130:19061
- auth_value: 4f5139d6c845fe72d05faf05763b6c31

Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.