General
Target: 0cc653520fb3959ba64ba055753e59207677167ac311691d5cd5494eeb1a7da3
Size: 801KB
Sample: 230616-ngpkfaeg35
MD5: ca9b5cb1f620ee12ae897fbb79b7a505
SHA1: ed12638906da26bb2b46d044b416bebcf5449072
SHA256: 0cc653520fb3959ba64ba055753e59207677167ac311691d5cd5494eeb1a7da3
SHA512: 71bac08d1fa19fd87daeb0beec824dd21401dfe55eac4f75324492bcbac1dc0c8bb72ae39ed1607ee4c46dc26a4eaae5a07ffe2d69d45fd74b7ca136c82e032d
SSDEEP: 12288:YMroy90LYFYpOyXrZ56ZYmUOz/GxHSRN7zjB/oDd7xFsnvL4ekTQOhRa:wyWgyXrZ56ZSKGl47zyDd7xna
Static task: static1

Malware Config
Extracted: redline, joker, 83.97.73.130:19061, auth_value a98d303cc28bb3b32a23c59214ae3bc0
Extracted: redline, mana, 83.97.73.130:19061, auth_value 4f5139d6c845fe72d05faf05763b6c31
Extracted: amadey, 3.84, 77.91.68.63/doma/net/index.php
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.