General
Target: 66a46807b5d59a6d7dc7f88682e8de703ac0f79f506615522b9d225b98fe31bc
Size: 734KB
Sample: 230616-nqc8rsee3s
MD5: 5f54d7288a42459662ad02292e6368af
SHA1: deb8fd23885660d77a5b492e0c14083a5858f5f4
SHA256: 66a46807b5d59a6d7dc7f88682e8de703ac0f79f506615522b9d225b98fe31bc
SHA512: 826b3c57eae9c58830767cedfa3d92359f684767b3f38b342fb3934d232486ce4f2b7025ff51957818c8cfe3c245fc46b83b436b54a4bd97c6284eebfc51f911
SSDEEP: 12288:lMrvy90zGI9fBFkcSKr4yS21TCtVq+v5XXtRUPtw5T1JhAa3YDaER:yyKGInIKim+TBXdOPtKJhAay
Static task: static1
Malware Config
Extracted: redline
- dana
- 83.97.73.130:19061
- auth_value: da2d1691db653e49676d799e1eae2673
Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Extracted: redline
- joker
- 83.97.73.130:19061
- auth_value: a98d303cc28bb3b32a23c59214ae3bc0
Targets
Target: 66a46807b5d59a6d7dc7f88682e8de703ac0f79f506615522b9d225b98fe31bc (734KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.