General

Target: c959056757fd5d62adde3124f439cce32ee8faa18f2e8db08d4b25320575099d
Size: 714KB
Sample: 230622-sfnc7sgd6s
MD5: 61b91cfd8640254c32890bcc935f8c5a
SHA1: cbbe3bc6b8d349464a3933c9a01ac77f0e94f204
SHA256: c959056757fd5d62adde3124f439cce32ee8faa18f2e8db08d4b25320575099d
SHA512: be86f8513bcdef33f881d0875407da2531f910e556022097927660bbe3f9aefeae148ede27a06c93dc670ef2c66410d070f944b2a2e660df8fd05d07ae568903
SSDEEP: 12288:yztKeujWeeIOahJfWJSn/aetKfH51KYeIEGnogs6e86VbG:yk8eeYn/aetKMGnZsXtVbG

Static task: static1
Behavioral task: behavioral1
Sample: c959056757fd5d62adde3124f439cce32ee8faa18f2e8db08d4b25320575099d.exe
Resource: win10v2004-20230621-en

Malware Config

Extracted: redline
Botnet: furga
C2: 83.97.73.128:19071
auth_value: 1b7af6db7a79a3475798fcf494818be7

Extracted: amadey
Version: 3.84
C2: 77.91.68.63/doma/net/index.php

Targets

Target: c959056757fd5d62adde3124f439cce32ee8faa18f2e8db08d4b25320575099d

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check that decides whether the payload runs.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
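The indicators above (file hashes, the RedLine C2 host:port and the Amadey C2 URL) are what a responder would sweep for on hosts and in proxy logs. The script below is an added example written for this page, not part of the sandbox report or either malware family's code. It hashes files in chunks and compares them against the report's digests, and tags log lines that reference the extracted C2 infrastructure, distinguishing a full host:port or URL match from a bare host match. The proxy log lines in SAMPLE_LOG are constructed for the demonstration and do not come from the report or any real capture.

```python
"""Hunt for the indicators in this report on a host or in proxy logs (added example)."""
import hashlib
from pathlib import Path

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "61b91cfd8640254c32890bcc935f8c5a",
    "sha1": "cbbe3bc6b8d349464a3933c9a01ac77f0e94f204",
    "sha256": "c959056757fd5d62adde3124f439cce32ee8faa18f2e8db08d4b25320575099d",
}
REDLINE_C2_HOST, REDLINE_C2_PORT = "83.97.73.128", 19071
AMADEY_C2_URL = "77.91.68.63/doma/net/index.php"
AMADEY_C2_HOST = AMADEY_C2_URL.split("/", 1)[0]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large files do not need to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests: dict) -> set:
    """Which of the report's hashes a digest set reproduces (empty set means no match)."""
    return {algo for algo, value in IOC_HASHES.items()
            if digests.get(algo, "").lower() == value}


def scan_directory(root) -> list:
    """Return (path, matched algorithms) for every file under root matching a report hash."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = matching_algorithms(hash_file(path))
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole sweep
        if matched:
            hits.append((str(path), matched))
    return hits


def classify_log_line(line: str) -> list:
    """Tag a log line with the C2 indicators it contains.

    A host:port or full-URL match is a strong hit; a bare host match is weaker,
    because the RedLine port and the Amadey path are what tie traffic to this
    sample's infrastructure rather than to unrelated use of the same address.
    """
    tags = []
    if f"{REDLINE_C2_HOST}:{REDLINE_C2_PORT}" in line:
        tags.append("redline_c2")
    elif REDLINE_C2_HOST in line:
        tags.append("redline_host_only")
    if AMADEY_C2_URL in line:
        tags.append("amadey_c2")
    elif AMADEY_C2_HOST in line:
        tags.append("amadey_host_only")
    return tags


def scan_log(lines) -> list:
    """Return (line_number, tags) for each line referencing the report's C2 infrastructure."""
    return [(n, tags) for n, line in enumerate(lines, 1) if (tags := classify_log_line(line))]


# Constructed proxy log lines for the demonstration; not from the report or any real capture.
SAMPLE_LOG = [
    "2023-06-22T10:15:01Z proxy CONNECT 83.97.73.128:19071 src=10.0.0.5",
    "2023-06-22T10:15:05Z proxy GET http://77.91.68.63/doma/net/index.php src=10.0.0.5",
    "2023-06-22T10:16:00Z proxy GET http://example.invalid/update src=10.0.0.7",
    "2023-06-22T10:17:30Z proxy CONNECT 83.97.73.128:443 src=10.0.0.9",
]

if __name__ == "__main__":
    import sys
    for n, tags in scan_log(SAMPLE_LOG):
        print(f"log line {n}: {', '.join(tags)}")
    # Optional: pass a directory to sweep it for the report's file hashes.
    if len(sys.argv) > 1:
        for path, matched in scan_directory(sys.argv[1]):
            print(f"{path}: matches report {', '.join(sorted(matched))}")
```

Run it as `python hunt.py C:\Users` (or any directory) to sweep files; with no argument it only classifies the constructed log lines. Hash matches are exact, so a repacked or otherwise modified build of the same loader will not match; for that case the SSDEEP value in the report is the indicator to compare, using a fuzzy-hash library, which this example deliberately leaves out.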