General

Target: file
Size: 2.2MB
Sample: 240105-p2sy2accfn
MD5: 7a13263bcdc6ec934152d2ae80c5eb91
SHA1: c4834ac28e1e373d747f5a822037fedc973cfb70
SHA256: 3e0159326f354109d2b468ead12982d5d33d6d5936081eb59903965b995bad22
SHA512: 69187b2807011b0a0d789cbe03c289914593c97fb636e78e90ed2ddeba039275deb9062e3b7ca1fb08127888149f0d1c3f4c7096952944281ed76ab9a40ec118
SSDEEP: 49152:iIVsfros222h76y5gY+gkasdRiwN4W7POaM4gl6jfPru8Okk:xVpsQ155gY+Ysdcw4UPnI0fPK8Ot

Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20231215-en)
Behavioral task: behavioral2 (sample file.exe, resource win10v2004-20231215-en)

Malware Config

Extracted: amadey
Version: 4.15
C2: http://185.215.113.68
install_dir: d887ceb89d
install_file: explorhe.exe
strings_key: 7cadc181267fafff9df8503e730d60e1
url_paths: /theme/index.php

Extracted: redline
Botnet: LiveTrafic
C2: 20.79.30.95:13856

Extracted: redline
Botnet: @Pixelive
C2: 195.20.16.103:20440

Extracted: redline
Botnet: Legaa
C2: 185.172.128.33:38294

Targets

Target: file (2.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
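The extracted configs above give network indicators (the Amadey C2 host and url_paths, the three RedLine IP:port endpoints) and one host indicator (install_dir\install_file, the file the "Adds Run key to start application" signature points at). The following Python is an added example of turning those values into a sweep over logs and Run-key entries; it is not tooling from the sandbox or from this report. It assumes a simple tab-separated log layout (timestamp, source IP, destination IP, destination port, method, URL) and Run-key entries as a name-to-command mapping; the sample log lines, the Run value name and the directory prefix in front of install_dir are constructed for illustration and do not come from the report.

```python
"""Sweep for the indicators extracted in the report above: the Amadey 4.15
C2 (host + url_paths), the three RedLine C2 endpoints, and the Amadey
persistence path (install_dir\\install_file) behind the "Adds Run key"
signature. Added example, not the sandbox's own tooling.

Assumptions not taken from the report: log lines are tab-separated
ts, src_ip, dst_ip, dst_port, method, url ("-" when there is no HTTP
layer); Run-key entries are a mapping of value name -> command line;
the directory prefix in front of install_dir is made up."""
from urllib.parse import urlsplit

# Indicators copied verbatim from the extracted Malware Config.
AMADEY_HOST = "185.215.113.68"
AMADEY_URL_PATHS = {"/theme/index.php"}
AMADEY_INSTALL_DIR = "d887ceb89d"
AMADEY_INSTALL_FILE = "explorhe.exe"

# (ip, port) -> botnet ID for the three RedLine configs.
REDLINE_C2 = {
    ("20.79.30.95", 13856): "LiveTrafic",
    ("195.20.16.103", 20440): "@Pixelive",
    ("185.172.128.33", 38294): "Legaa",
}

# Constructed log lines. Lines 1, 2 and 5 are true C2 hits; line 4 reaches
# the Amadey host on a path the config does not list; line 3 is benign.
SAMPLE_LOG = (
    "2024-01-05T10:00:01Z\t10.0.0.23\t185.215.113.68\t80\tPOST\t"
    "http://185.215.113.68/theme/index.php\n"
    "2024-01-05T10:00:02Z\t10.0.0.23\t20.79.30.95\t13856\tTCP\t-\n"
    "2024-01-05T10:00:03Z\t10.0.0.45\t93.184.216.34\t443\tGET\thttps://example.com/\n"
    "2024-01-05T10:00:04Z\t10.0.0.23\t185.215.113.68\t80\tGET\t"
    "http://185.215.113.68/static/logo.png\n"
    "2024-01-05T10:00:05Z\t10.0.0.77\t195.20.16.103\t20440\tTCP\t-\n"
)

# Constructed Run values. Only the trailing d887ceb89d\explorhe.exe comes
# from the report; the value name and the ...\Local\Temp prefix do not.
SAMPLE_RUN_KEYS = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "explorhe": r"C:\Users\alice\AppData\Local\Temp\d887ceb89d\explorhe.exe",
}


def classify_request(dst_ip, dst_port, url):
    """Return (confidence, detail) for one connection, or None if clean."""
    botnet = REDLINE_C2.get((dst_ip, dst_port))
    if botnet is not None:
        return ("high", f"RedLine C2 {dst_ip}:{dst_port} (botnet {botnet})")
    if url != "-":
        parts = urlsplit(url)
        host = parts.hostname or dst_ip
        if host == AMADEY_HOST:
            if parts.path in AMADEY_URL_PATHS:
                return ("high", f"Amadey C2 check-in to {host}{parts.path}")
            return ("low", f"Amadey C2 host {host}, unlisted path {parts.path}")
    elif dst_ip == AMADEY_HOST:
        return ("low", f"non-HTTP traffic to Amadey C2 host {dst_ip}")
    return None


def sweep_logs(log_text):
    """Parse the tab-separated log and return one finding dict per hit."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _method, url = line.split("\t")
        hit = classify_request(dst, int(port), url)
        if hit is not None:
            findings.append({"ts": ts, "src": src, "confidence": hit[0], "detail": hit[1]})
    return findings


def check_run_keys(entries):
    """Return the Run value names whose command contains install_dir\\install_file."""
    needle = f"\\{AMADEY_INSTALL_DIR}\\{AMADEY_INSTALL_FILE}".lower()
    return [name for name, command in entries.items() if needle in command.lower()]


if __name__ == "__main__":
    for f in sweep_logs(SAMPLE_LOG):
        print(f"[{f['confidence']}] {f['ts']} {f['src']} -> {f['detail']}")
    for name in check_run_keys(SAMPLE_RUN_KEYS):
        print(f"[high] Run value {name!r} launches the Amadey install path")
```

Traffic to the Amadey host on a path the config does not list is reported at low confidence rather than dropped, because url_paths names only the check-in endpoint and the same host can serve payloads or plugins the config does not enumerate. The RedLine match is on the exact IP:port pair, since RedLine C2 is a raw TCP channel with no URL to inspect. strings_key is a decryption key for the sample's embedded strings, not a network observable, so it is left out of the sweep.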