General

Target: 08718f99b1857f79451a10c50208064ed118348da4d0ae631bcf1a1c1a02445f
Size: 390KB
Sample: 230718-y7kpaadf67
MD5: 40dda9d9be8a9cb1ef2fb266afd9d71c
SHA1: f62c17579d43dda47fe0ab0f35410606c9e6e063
SHA256: 08718f99b1857f79451a10c50208064ed118348da4d0ae631bcf1a1c1a02445f
SHA512: 2ab69ad0c4147495be306647fbc273e19b4271303347eb7253d6f442e9db4c067a0f5aeeeea0efa10fc4fb8736e56664d6290603ca6bc5f369ef4e4e03623260
SSDEEP: 12288:wMrSy90Q9QdYiE1tf8QdUtQJzDL4sj2T:yyaMHUSJDL4sCT
Static task: static1
Behavioral task: behavioral1
Sample: 08718f99b1857f79451a10c50208064ed118348da4d0ae631bcf1a1c1a02445f.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
Version: 3.85
C2: 77.91.68.3/home/love/index.php

Extracted: redline
Botnet: roma
C2: 77.91.68.56:19071
auth_value: f099c2cf92834dbc554a94e1456cf576
Targets

Target: 08718f99b1857f79451a10c50208064ed118348da4d0ae631bcf1a1c1a02445f
Size: 390KB
MD5: 40dda9d9be8a9cb1ef2fb266afd9d71c
SHA1: f62c17579d43dda47fe0ab0f35410606c9e6e063
SHA256: 08718f99b1857f79451a10c50208064ed118348da4d0ae631bcf1a1c1a02445f
SHA512: 2ab69ad0c4147495be306647fbc273e19b4271303347eb7253d6f442e9db4c067a0f5aeeeea0efa10fc4fb8736e56664d6290603ca6bc5f369ef4e4e03623260
SSDEEP: 12288:wMrSy90Q9QdYiE1tf8QdUtQJzDL4sj2T:yyaMHUSJDL4sCT

Signatures

- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application