General
Target: 947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff
Size: 1.4MB
Sample: 230831-yd85sahg2v
MD5: b42867026fc3ac655d89369edd71a7ca
SHA1: cfb3fb8665299ef09cc465ef07e21e5e3296cd52
SHA256: 947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff
SHA512: d6571f654fa3434036a5fe2bbaa726acca26983afe526f55ca7f11593769338d9bb82b324c418b42a944f40fe61f4b8ccb9ee1da166010a1e1eabff007c2ee96
SSDEEP: 24576:TyCMEf0Og3j3uE2zJMKq6NliIH/Lju8KUxKxycLjhxiE4A2EbTRMH0FXBpW7430s:mC3f0O8jDpKq6Nl7/j0xycXQEbTRMiXx
Static task: static1
Behavioral task: behavioral1
Sample: 947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
3.87
77.91.68.18/nice/index.php
install_dir: b40d11255d
install_file: saves.exe
strings_key: fa622dfc42544927a6471829ee1fa9fe
Extracted: redline
jang
77.91.124.82:19071
auth_value: 662102010afcbe9e22b13116b1c1a088
Targets
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application