General
Target: bc0221334841bb6ccd5fa8e201f44420.exe
Size: 576KB
Sample: 230616-nd92zaef83
MD5: bc0221334841bb6ccd5fa8e201f44420
SHA1: 445d5beaafdf7ecd9cb530ff86eeb88ed450a84a
SHA256: 9b25db97a31cd678b68c6cde52c00956c162a8904691baeed44d8cb90ec1485f
SHA512: 34b45a82558a14f077a9639c98e59558ea668a2c12f2e7d962ea1d9120dfef74367611c0dec1c3d0b002600421927bf12f1104474f0a82f40d1dca8488d82ac3
SSDEEP: 12288:fMrcy90PE1E41h1cx/nSriJy6w+YdT7/W+tBeqXy4OCb:jyT1E411igLlhhOCb
Static task: static1
Behavioral task: behavioral1
Sample: bc0221334841bb6ccd5fa8e201f44420.exe
Resource: win7-20230220-en
Malware Config
Extracted (redline)
Family: redline
Botnet: dana
C2: 83.97.73.130:19061
auth_value: da2d1691db653e49676d799e1eae2673
Extracted (amadey)
Family: amadey
Version: 3.84
C2: 77.91.68.63/doma/net/index.php
Extracted (redline)
Family: redline
Botnet: joker
C2: 83.97.73.130:19061
auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Targets
Target: bc0221334841bb6ccd5fa8e201f44420.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.