General
- Target: 09810499.exe
- Size: 960KB
- Sample: 230623-jm84taee71
- MD5: c3eeb2ad0286d66a8a85685645234cea
- SHA1: e9f2daf527f62ef43a008d1b3b9c898f744b817c
- SHA256: 6a5ded522f07bc4cd4c2212ae4bcc7467960a9e275218cfa6a0c85ce9757a7e8
- SHA512: 8fcd7d345e3b5f5ce8f42abe6304a6ee81b0dab0cdb968fc447dff09e577993b530a3b0f557548cffa33609ada6c5e38c5db7b9f35091a77781aae228d4a9d5a
- SSDEEP: 24576:8zWBi7LNyJjFFzSNCJY3tw3zPTKd4ig59:8zWBi7L4BSNCJNzZigv
Static task: static1
Behavioral task: behavioral1
- Sample: 09810499.exe
- Resource: win7-20230621-en
Behavioral task: behavioral2
- Sample: 09810499.exe
- Resource: win10v2004-20230621-en
Malware Config
Extracted: redline
- furga
- 83.97.73.128:19071
- auth_value: 1b7af6db7a79a3475798fcf494818be7
Extracted: amadey
- 3.84
- 77.91.68.63/doma/net/index.php
Targets
- Target: 09810499.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.