General
- Target: 256b88620b6108df048292c7aa574e7668536b2d47bd20adfa490a7ce315f05e
- Size: 712KB
- Sample: 230622-qgv4bsfh21
- MD5: 65715f4fbd3e7276eb97b9b19d782417
- SHA1: 4d92f73f0e24d43787ef6db915e0d1f5fe502975
- SHA256: 256b88620b6108df048292c7aa574e7668536b2d47bd20adfa490a7ce315f05e
- SHA512: bf1e01f5e73598109d20b4960d5138281697cd9fe72f2d559acf6e561a0d09b8c18bfeca221f98f475d9ca8155a2f9593d2558cb8f9e41e46dd287bf8d294043
- SSDEEP: 12288:gztKekjWeeIOZaqKWJSn/fL3hye8Nq6JTsHlgbLeXpA+h3h:gkueeKn/fLuN3TsHlg0bf
Static task: static1
Behavioral task: behavioral1
Sample: 256b88620b6108df048292c7aa574e7668536b2d47bd20adfa490a7ce315f05e.exe
Resource: win10v2004-20230621-en
Malware Config
Extracted: redline
- furga
- 83.97.73.128:19071
- auth_value: 1b7af6db7a79a3475798fcf494818be7
Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.