General
- Target: 26bef6551c764b8d4b901bd5af3f2d8a00d79f1ed544b20947e279565cd319e3
- Size: 734KB
- Sample: 230616-njlasseg44
- MD5: bb3ea37d757dce642726113b632d3ef2
- SHA1: 1ac1f00f9d7419fdf2c0c39662dd9bc795c28553
- SHA256: 26bef6551c764b8d4b901bd5af3f2d8a00d79f1ed544b20947e279565cd319e3
- SHA512: 848b8e7ebd2cf32932af61ff6ba93d2f2848c61c588d58abb71c16d161556832e4e8c37f9921387b9060e6792bbbcc540c3d79c6e6095d5c79364ddae79872d2
- SSDEEP: 12288:dMr1y90uyuN7ljB0VTIt+uKVkA62lHhk7RpNxE8PdT/G9qph/VX8PIW8W1:wyByuVlF1S62WRpNy81D/VX8PIY
Static task
- static1

Malware Config
Extracted: redline
- dana
- 83.97.73.130:19061
- auth_value: da2d1691db653e49676d799e1eae2673
Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Extracted: redline
- joker
- 83.97.73.130:19061
- auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Targets
- Target: 26bef6551c764b8d4b901bd5af3f2d8a00d79f1ed544b20947e279565cd319e3
- Size: 734KB
- MD5: bb3ea37d757dce642726113b632d3ef2
- SHA1: 1ac1f00f9d7419fdf2c0c39662dd9bc795c28553
- SHA256: 26bef6551c764b8d4b901bd5af3f2d8a00d79f1ed544b20947e279565cd319e3
- SHA512: 848b8e7ebd2cf32932af61ff6ba93d2f2848c61c588d58abb71c16d161556832e4e8c37f9921387b9060e6792bbbcc540c3d79c6e6095d5c79364ddae79872d2
- SSDEEP: 12288:dMr1y90uyuN7ljB0VTIt+uKVkA62lHhk7RpNxE8PdT/G9qph/VX8PIW8W1:wyByuVlF1S62WRpNy81D/VX8PIY
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software installed on the system.