General
-
Target
c382b04b2f8c4f9c91130732e2fafecacc173bc391b8d37d421c692d4dda16e5
-
Size
712KB
-
Sample
230622-remvlseg82
-
MD5
5128f567bb4e7d293197a223c37833cc
-
SHA1
5d2c1ced0000d97bddde0e27cd9c2c83492b23a4
-
SHA256
c382b04b2f8c4f9c91130732e2fafecacc173bc391b8d37d421c692d4dda16e5
-
SHA512
b930521d63a0fef08262df269a5bd836980d30427ca344be707589b3bca55c435ade06a605c237d8730dd033e1cb93c1e74e92ccc971d765bc7c9a59729757aa
-
SSDEEP
12288:6KztKe0jWeeIOZaJkWJSn/PdUUCnsvi4VAY26DMzQ0zKGI1BJy:6KkeeeTn/CUVvjyY26WQ0GGI1B
Static task
static1
Behavioral task
behavioral1
Sample
c382b04b2f8c4f9c91130732e2fafecacc173bc391b8d37d421c692d4dda16e5.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
Family: redline
Botnet: furga
C2: 83.97.73.128:19071
Attributes:
auth_value: 1b7af6db7a79a3475798fcf494818be7
Extracted
Family: amadey
Version: 3.84
C2: 77.91.68.63/doma/net/index.php
Targets
-
Target
c382b04b2f8c4f9c91130732e2fafecacc173bc391b8d37d421c692d4dda16e5
-
Size
712KB
-
MD5
5128f567bb4e7d293197a223c37833cc
-
SHA1
5d2c1ced0000d97bddde0e27cd9c2c83492b23a4
-
SHA256
c382b04b2f8c4f9c91130732e2fafecacc173bc391b8d37d421c692d4dda16e5
-
SHA512
b930521d63a0fef08262df269a5bd836980d30427ca344be707589b3bca55c435ade06a605c237d8730dd033e1cb93c1e74e92ccc971d765bc7c9a59729757aa
-
SSDEEP
12288:6KztKe0jWeeIOZaJkWJSn/PdUUCnsvi4VAY26DMzQ0zKGI1BJy:6KkeeeTn/CUVvjyY26WQ0GGI1B
-
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020; it harvests browser credentials, cookies, cryptocurrency wallet data and host information and exfiltrates them to its C2.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Enumerates the Uninstall key entries in the registry to list the software installed on the system.
-
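The following is an added example, not part of the sandbox report, that turns the signatures and the extracted C2 indicators above into a small Python triage check run over constructed sandbox-style API trace records. The Run/RunOnce and Uninstall registry paths are the standard ones; the Control Panel\International\Geo\Nation value is an assumption about which key the "computer location settings" signature refers to, and the trace records and PIDs are constructed for the example.

```python
import re
from collections import defaultdict

# Indicators copied from the extracted configs in this report.
REDLINE_C2 = ("83.97.73.128", 19071)
AMADEY_C2_HOST = "77.91.68.63"
AMADEY_C2_PATH = "/doma/net/index.php"

# Registry locations behind the report's signatures. Run/RunOnce and the
# Uninstall key are the standard paths; the Geo\Nation value is an assumption
# about which "location settings" value the sandbox saw being read.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Constructed sandbox-style API trace records (not taken from the report).
EVENTS = [
    {"pid": 1234, "api": "RegQueryValueExW", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1234, "api": "RegEnumKeyExW", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "api": "RegSetValueExW", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\explorer"},
    {"pid": 1234, "api": "connect", "target": "83.97.73.128:19071"},
    {"pid": 5678, "api": "connect", "target": "77.91.68.63:80", "url": "http://77.91.68.63/doma/net/index.php"},
    # Benign noise: reading the OS product name is not one of the behaviours above.
    {"pid": 1234, "api": "RegQueryValueExW", "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
]


def classify(event):
    """Return the set of behaviour tags a single trace record matches."""
    tags = set()
    api = event.get("api", "")
    target = event.get("target", "")

    if api.startswith("Reg"):
        if GEO_KEY_RE.search(target):
            tags.add("geo_check")
        if UNINSTALL_KEY_RE.search(target):
            tags.add("enum_installed_software")
        # Only a write to Run/RunOnce counts as persistence; reads of the key are
        # common and benign, so they are deliberately not tagged.
        if api.startswith("RegSetValue") and RUN_KEY_RE.search(target):
            tags.add("run_key_persistence")

    elif api == "connect":
        host, _, port = target.rpartition(":")
        if port.isdigit() and (host, int(port)) == REDLINE_C2:
            tags.add("redline_c2")
        url = event.get("url", "")
        if host == AMADEY_C2_HOST or url.startswith("http://" + AMADEY_C2_HOST + AMADEY_C2_PATH):
            tags.add("amadey_c2")

    return tags


def scan(events):
    """Map each behaviour tag to the sorted list of PIDs that exhibited it."""
    hits = defaultdict(set)
    for event in events:
        for tag in classify(event):
            hits[tag].add(event["pid"])
    return {tag: sorted(pids) for tag, pids in hits.items()}


if __name__ == "__main__":
    for tag, pids in sorted(scan(EVENTS).items()):
        print(f"{tag:<26} pids={pids}")
```

Run-key writes also occur during legitimate installs, so the run_key_persistence tag is a lead to corroborate against the writing process (here the dropped EXE) rather than a verdict on its own; the two C2 tags, by contrast, are exact matches on the extracted config and are high-confidence on their own.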