General
- Target: 6b66c265183820fee2d43b61b4eb67ed.exe
- Size: 778KB
- Sample: 230619-masg3sec9v
- MD5: 6b66c265183820fee2d43b61b4eb67ed
- SHA1: ae2bd8c030d1bab1e6db6920e0af399026c7c087
- SHA256: e3f6dfc1fe7f7174216c3e06c60b7443e60cc52d6f50d42451ef7177388b7726
- SHA512: 115f030d0cfaab453ab5370a591be01fc8477b148387f38eefba37a8f0a52b81b09860a8f29f7a250738c57d76a85aae22ad71fd7bc28e5cb7540c3e6ff5a9c1
- SSDEEP: 12288:JMrCy90eqkwFcTUC2BWYyH9Ptz/yAjGmlhu/xxbOJdiPO5s7izyJVh0hTCa98ikE:PypIf0YAlysn+xbq+RDjhEX9JkHEshu
Static task: static1
Behavioral task: behavioral1
- Sample: 6b66c265183820fee2d43b61b4eb67ed.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
- furga
- 83.97.73.128:19071
- auth_value: 1b7af6db7a79a3475798fcf494818be7
Extracted: redline
- diza
- 83.97.73.128:19071
- auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Targets
- Target: 6b66c265183820fee2d43b61b4eb67ed.exe
- Size: 778KB
- MD5: 6b66c265183820fee2d43b61b4eb67ed
- SHA1: ae2bd8c030d1bab1e6db6920e0af399026c7c087
- SHA256: e3f6dfc1fe7f7174216c3e06c60b7443e60cc52d6f50d42451ef7177388b7726
- SHA512: 115f030d0cfaab453ab5370a591be01fc8477b148387f38eefba37a8f0a52b81b09860a8f29f7a250738c57d76a85aae22ad71fd7bc28e5cb7540c3e6ff5a9c1
- SSDEEP: 12288:JMrCy90eqkwFcTUC2BWYyH9Ptz/yAjGmlhu/xxbOJdiPO5s7izyJVh0hTCa98ikE:PypIf0YAlysn+xbq+RDjhEX9JkHEshu
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.