General
Target: ae051e75781ba40a784b780ad452793d5a0ddfe55b3fdb42f15621311bdf8d87
Size: 679KB
Sample: 230622-sern8sfa58
MD5: 42c6870e281355b75702de2284b60c0d
SHA1: c67d9487e8684cb20098ad5eb419f66976e8fc0f
SHA256: ae051e75781ba40a784b780ad452793d5a0ddfe55b3fdb42f15621311bdf8d87
SHA512: 348c0635cd226cd610aa52e90a0b78224e7d0599e5436fa2e96c1643aed2911b435cf7f5ce5b151439452a9f08cffce8183472757cbb8ceb63bcf050ae02a221
SSDEEP: 12288:vST9E5eJhmeuXDtKTEoWJSn/PIjDtXi9h17pUpNwAYNOmeD:vSe5Deuin/AHtXi937WpNAcmeD
Static task: static1
Behavioral task: behavioral1
Sample: ae051e75781ba40a784b780ad452793d5a0ddfe55b3fdb42f15621311bdf8d87.exe
Resource: win10v2004-20230621-en
Malware Config
Extracted: redline
  furga
  83.97.73.128:19071
  auth_value: 1b7af6db7a79a3475798fcf494818be7
Extracted: amadey
  3.84
  77.91.68.63/doma/net/index.php
Targets
Target: ae051e75781ba40a784b780ad452793d5a0ddfe55b3fdb42f15621311bdf8d87
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.