General
Target: JC_3ad4041b54640df6afff8f014be6bdc4d1c2fac5b4021994d6e796059f8602c8
Size: 1.5MB
Sample: 230905-s8qn2aha22
MD5: d59d3d8b1f94445fd2223082218ef44a
SHA1: 35f12851ca1654b4e0c86e8fe77f00229ce0f2ed
SHA256: 3ad4041b54640df6afff8f014be6bdc4d1c2fac5b4021994d6e796059f8602c8
SHA512: 90596fbdad452adff4b8ea1af8d07936a62d5252c0c10486b33899aee924cd93c43a6a31047a87987563e03a8afc2da5c625120bbe20c0310edd40318d99c958
SSDEEP: 24576:/yWhhO/v+kDbAHqmVcTgm7DAKoHBSzmlTJ/h7NuboMh1PJnKttnEXSLHikLUIflh:KZmkDfmMgm3AKoHBTTJ5RuboOQ6eH/x
Static task: static1
Behavioral task: behavioral1
Sample: JC_3ad4041b54640df6afff8f014be6bdc4d1c2fac5b4021994d6e796059f8602c8.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: JC_3ad4041b54640df6afff8f014be6bdc4d1c2fac5b4021994d6e796059f8602c8.exe
Resource: win10v2004-20230831-en
Malware Config
Extracted: amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
install_dir: b40d11255d
install_file: saves.exe
strings_key: fa622dfc42544927a6471829ee1fa9fe
Extracted: redline
Botnet: gena
C2: 77.91.124.82:19071
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
Target: JC_3ad4041b54640df6afff8f014be6bdc4d1c2fac5b4021994d6e796059f8602c8
Size: 1.5MB
MD5: d59d3d8b1f94445fd2223082218ef44a
SHA1: 35f12851ca1654b4e0c86e8fe77f00229ce0f2ed
SHA256: 3ad4041b54640df6afff8f014be6bdc4d1c2fac5b4021994d6e796059f8602c8
SHA512: 90596fbdad452adff4b8ea1af8d07936a62d5252c0c10486b33899aee924cd93c43a6a31047a87987563e03a8afc2da5c625120bbe20c0310edd40318d99c958
SSDEEP: 24576:/yWhhO/v+kDbAHqmVcTgm7DAKoHBSzmlTJ/h7NuboMh1PJnKttnEXSLHikLUIflh:KZmkDfmMgm3AKoHBTTJ5RuboOQ6eH/x
Score: 10/10
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
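Hunting logic built from the extracted Amadey and RedLine configuration above and from the "Executes dropped EXE" / "Adds Run key to start application" signatures. This is an added example, not the sandbox's own output and not code from either malware family. The only values taken from the report are the two C2 strings, install_dir and install_file; every event in SAMPLE_EVENTS is constructed for the example, the event field names are an assumption about what a proxy log, flow record, registry event and process event look like after normalisation, and the %TEMP% parent directory in the constructed registry and process events is an assumption, since the report gives only install_dir and install_file (the matcher therefore keys on the `install_dir\install_file` tail and ignores the parent path).

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators copied verbatim from the report's "Malware Config" section.
AMADEY_C2 = "77.91.68.18/nice/index.php"
AMADEY_INSTALL_DIR = "b40d11255d"
AMADEY_INSTALL_FILE = "saves.exe"
REDLINE_C2 = "77.91.124.82:19071"


def parse_amadey_c2(c2: str):
    """Split the Amadey gate string 'host/path' into (host, '/path')."""
    host, _, path = c2.partition("/")
    return host, "/" + path


def parse_redline_c2(c2: str):
    """Split the RedLine 'host:port' string into (host, port as int)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


AMADEY_HOST, AMADEY_PATH = parse_amadey_c2(AMADEY_C2)
REDLINE_HOST, REDLINE_PORT = parse_redline_c2(REDLINE_C2)

# The dropped binary is written as <install_dir>\<install_file>. Anchor on that
# tail only, case-insensitively, because the report does not state the parent
# directory and Windows paths are case-insensitive.
INSTALL_TAIL = re.compile(
    re.escape(AMADEY_INSTALL_DIR) + r"\\" + re.escape(AMADEY_INSTALL_FILE) + r"$",
    re.IGNORECASE,
)
# Per-user or per-machine Run/RunOnce keys (the hive prefix is not checked).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Constructed sample telemetry (assumption: not from the report). Events 1, 3 and 6
# are benign decoys that must not match.
SAMPLE_EVENTS = [
    {"type": "http", "src": "10.0.0.5", "method": "POST",
     "url": "http://77.91.68.18/nice/index.php", "status": 200},
    {"type": "http", "src": "10.0.0.7", "method": "GET",
     "url": "http://example.org/nice/index.php", "status": 200},
    {"type": "flow", "src": "10.0.0.5", "dst": "77.91.124.82", "dport": 19071, "proto": "tcp"},
    {"type": "flow", "src": "10.0.0.5", "dst": "77.91.124.82", "dport": 443, "proto": "tcp"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "saves.exe", "data": r"C:\Users\u\AppData\Local\Temp\b40d11255d\saves.exe"},
    {"type": "process", "image": r"C:\Users\u\AppData\Local\Temp\b40d11255d\SAVES.EXE"},
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe"},
]


def classify(event: dict) -> Optional[str]:
    """Return an indicator label when the event matches the extracted config, else None."""
    kind = event.get("type")
    if kind == "http":
        u = urlsplit(event["url"])
        # Amadey beacons to a PHP gate; match host and exact path, method-agnostic.
        if u.hostname == AMADEY_HOST and u.path == AMADEY_PATH:
            return "amadey_c2_gate"
    elif kind == "flow":
        # RedLine talks raw TCP to host:port, so a flow record is the right source.
        if event["dst"] == REDLINE_HOST and event["dport"] == REDLINE_PORT:
            return "redline_c2"
    elif kind == "registry":
        if RUN_KEY.search(event["key"]) and INSTALL_TAIL.search(event["data"]):
            return "amadey_run_key_persistence"
    elif kind == "process":
        if INSTALL_TAIL.search(event["image"]):
            return "amadey_dropped_exe"
    return None


def hunt(events):
    """Return (event index, label) for every event that matches an indicator."""
    return [(i, label) for i, e in enumerate(events) if (label := classify(e))]


if __name__ == "__main__":
    for idx, label in hunt(SAMPLE_EVENTS):
        print(f"event {idx}: {label} -> {SAMPLE_EVENTS[idx]}")
```

The two C2 checks deliberately use different sources: the Amadey gate is an HTTP URL, so it belongs in proxy or web-filter logs, while the RedLine endpoint is a bare host:port and will only appear in flow or firewall data. Pivoting from the registry hit to the process hit is what confirms the "Executes dropped EXE" signature on a real host rather than just the persistence write.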