General

Target: 08c8b46d295e290141686ab1b2855548.bin
Size: 1.5 MB
Sample: 230906-bdawnacd7s
MD5: 107ff62fb9ddcf0b07bbe04e4888e5f4
SHA1: a809191a16425113eaea61e50877ca80a62e4471
SHA256: 447cdc894e9b32fc82e5b54f46fed2e377b215c36c42a6f9832626230993f43f
SHA512: 4f5280cbc7a1984725de62b3add6eceb27ab9e8b96debbcacb7d9c886085e212824ba8646ace0b9ef41c05cb82ab446849c078e8e5a619fd0902778867c3867b
SSDEEP: 24576:Pd57QHb3Voj/sduyNUHEZh3vYS2oxhGbO2XRSbZ3mfbOfT/w0BPbT9Rb:PPsxojjEn/22SR2Z3f3zTnb
Static task: static1

Behavioral task: behavioral1
Sample: 2288f74f56cd376862001d460688693eb97f19e2340f7a0a6a11bbc2d62c7940.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: 2288f74f56cd376862001d460688693eb97f19e2340f7a0a6a11bbc2d62c7940.exe
Resource: win10v2004-20230831-en
Malware Config

Extracted
Family: amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
install_dir: b40d11255d
install_file: saves.exe
strings_key: fa622dfc42544927a6471829ee1fa9fe

Extracted
Family: redline
Botnet: gena
C2: 77.91.124.82:19071
auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets

Target: 2288f74f56cd376862001d460688693eb97f19e2340f7a0a6a11bbc2d62c7940.exe
Size: 1.5 MB
MD5: 08c8b46d295e290141686ab1b2855548
SHA1: 7a354148044020ea2289b57983fe7d70b1ab6b91
SHA256: 2288f74f56cd376862001d460688693eb97f19e2340f7a0a6a11bbc2d62c7940
SHA512: 752e32f336d6fc9eb2ee5f95fa585abd92b469eda88e03b500ca7a40861a8bf906a73ae5125b33cb741466bf11f7c3a16f2cceb8d7ef92de619f69a1471b2bdd
SSDEEP: 49152:5z9G6KrsCd1NJZ0KWqNTMt2ehqI0l9A0S/K1Ye8:5c6KrsC/NcKvNABhT0lu0Sy1
Score: 10/10

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application
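As an added example, not part of this Triage report: a small Python matcher that turns the extracted Amadey and RedLine configuration and the sample hashes above into hunt logic and runs it over a handful of constructed telemetry records. Only the C2 addresses, install_dir, install_file and the SHA256 values come from the report; the Sysmon-style field names (type, image, sha256, key, data, dst_ip, dst_port, url), the %TEMP%-relative location of the Amadey install directory and the event records themselves are assumptions made for illustration.

```python
"""Hunt for the indicators in the report above across host/network telemetry.

Added example, not part of the Triage report. Indicator values come from the
"Malware Config" and "Targets" sections; the telemetry schema (type, image,
sha256, key, data, dst_ip, dst_port, url) and the sample records are made up
for illustration, as is the %TEMP% location of the Amadey install directory,
which the report does not state.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from the report.
AMADEY_C2 = "77.91.68.18/nice/index.php"
AMADEY_INSTALL_DIR = "b40d11255d"
AMADEY_INSTALL_FILE = "saves.exe"
REDLINE_C2 = "77.91.124.82:19071"
SAMPLE_SHA256 = {
    "2288f74f56cd376862001d460688693eb97f19e2340f7a0a6a11bbc2d62c7940",  # behavioural target .exe
    "447cdc894e9b32fc82e5b54f46fed2e377b215c36c42a6f9832626230993f43f",  # submitted .bin
}

# HKCU/HKLM Run and RunOnce keys, with or without a trailing value name.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?(?:\\|$)", re.I)


def parse_c2(c2: str) -> Tuple[Optional[str], Optional[int], Optional[str]]:
    """Split a scheme-less C2 string ('host/path' or 'host:port') into
    (host, port, path); port and path are None when the config omits them."""
    parts = urlsplit("//" + c2)
    return parts.hostname, parts.port, (parts.path or None)


def match_event(ev: Dict) -> List[str]:
    """Return the name of every indicator a single telemetry record hits."""
    hits: List[str] = []
    kind = ev.get("type")
    if kind == "network":
        host, _, path = parse_c2(AMADEY_C2)
        if ev.get("dst_ip") == host:
            url_path = urlsplit(ev.get("url", "")).path
            # Check the path only when the sensor captured a URL; a bare TCP
            # connection to the C2 address is still worth flagging.
            if not url_path or url_path.lower() == path.lower():
                hits.append("amadey_c2")
        host, port, _ = parse_c2(REDLINE_C2)
        if ev.get("dst_ip") == host and ev.get("dst_port") == port:
            hits.append("redline_c2")
    elif kind == "registry":
        # The report gives install_dir and install_file but not their parent
        # directory, so match the relative tail "b40d11255d\saves.exe".
        tail = f"{AMADEY_INSTALL_DIR}\\{AMADEY_INSTALL_FILE}".lower()
        if RUN_KEY_RE.search(ev.get("key", "")) and tail in ev.get("data", "").lower():
            hits.append("amadey_run_key")
    elif kind in ("process", "file"):
        if ev.get("sha256", "").lower() in SAMPLE_SHA256:
            hits.append("known_sample_hash")
        tail = f"\\{AMADEY_INSTALL_DIR}\\{AMADEY_INSTALL_FILE}".lower()
        if ev.get("image", "").lower().endswith(tail):
            hits.append("amadey_install_path")
    return hits


def scan(events: List[Dict]) -> Dict[int, List[str]]:
    """Map event index -> indicator names for every event that matched."""
    return {i: h for i, ev in enumerate(events) if (h := match_event(ev))}


# Constructed telemetry, not the report's own behavioural log.
EVENTS = [
    {"type": "process", "image": r"C:\Users\user\Desktop\sample.exe",
     "sha256": "2288f74f56cd376862001d460688693eb97f19e2340f7a0a6a11bbc2d62c7940"},
    {"type": "file", "sha256": "0" * 64,
     "image": r"C:\Users\user\AppData\Local\Temp\b40d11255d\saves.exe"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\saves",
     "data": r"C:\Users\user\AppData\Local\Temp\b40d11255d\saves.exe"},
    {"type": "network", "dst_ip": "77.91.68.18", "dst_port": 80,
     "url": "http://77.91.68.18/nice/index.php"},
    {"type": "network", "dst_ip": "77.91.124.82", "dst_port": 19071},
    {"type": "network", "dst_ip": "77.91.124.82", "dst_port": 443},  # same host, wrong port
    {"type": "network", "dst_ip": "13.107.42.14", "dst_port": 443,  # unrelated traffic
     "url": "https://www.bing.com/"},
]

if __name__ == "__main__":
    for idx, names in scan(EVENTS).items():
        print(f"event {idx} ({EVENTS[idx]['type']}): {', '.join(names)}")
```

The RedLine rule keys on host and port together because the report only gives a host:port pair, so the connection to 77.91.124.82 on another port is deliberately left unflagged; the Amadey rule flags any connection to the C2 address and uses the /nice/index.php path only to confirm when a URL was captured, since a sensor that sees just the TCP flow would otherwise miss the beacon.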