General
- Target: 42fe32f8242c42748f9eb07353bd76f6556aaf151b4c11948add784c17122ce8
- Size: 799KB
- Sample: 230616-nffwxaeg24
- MD5: 5b6413820d98430f27aa13ba72241ec1
- SHA1: 35900ab241a92f1a7982bd8dc49e7aba54b6d510
- SHA256: 42fe32f8242c42748f9eb07353bd76f6556aaf151b4c11948add784c17122ce8
- SHA512: 9a664806d9dc63c33e38302716514b1747d6a4c2b65c302959c985e3e3ec0c3a6f33c331933c2eb68e420aee128454c981c424d267327afa1e36281a8ef1812e
- SSDEEP: 12288:iMrJy90Fb8XaZRFi2zJw1tlT1vO8o+PpXxpL36370k+w1KUcd7cTC8uqZ/PWRT9X:fyUSa1VUtfO6XjLiKjSC7gPOT9BZL
Static task
- static1
Malware Config
Extracted: redline
- Botnet: joker
- C2: 83.97.73.130:19061
- auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Extracted: redline
- Botnet: lana
- C2: 83.97.73.130:19061
- auth_value: abf586398e9d8028235753690306b7fa
Extracted: amadey
- Version: 3.81
- C2: 95.214.27.98/cronus/index.php
Targets
- Target: 42fe32f8242c42748f9eb07353bd76f6556aaf151b4c11948add784c17122ce8
- Size: 799KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.