General
Target: 4664598674dd7bc96fccd5eead500dc0.bin
Size: 893KB
Sample: 230906-bp6sgace4z
MD5: 005f59c0c1af352c4f7b91b44ee75a48
SHA1: 983b91a1277fba1be3eee746b9563cd06733c90a
SHA256: 3babb81d6dfac75da610fdd1d3d664c1d5a0427499391ff7b244e4a6b54bbadc
SHA512: 995e08cf2bb4a8d0fe7a9869986ba1ca90a752b9578233f944911550c983f08bd9a772e659faa4246ecd9e3d2e10bd90ae3258f14dfdffc7ddbd62b332628691
SSDEEP: 24576:WBw8G6gdgcyQRLS2/UZ0BnLcHaSFvpU2RNvcJyEFfh:i7gd1yk1OFvvpJWJdT

Static task
static1

Behavioral task
behavioral1
Sample: cfb70fdfe8a50fb80f2d00533c93e44fadde26fcf768b7244e5328c0a9ae7b25.exe
Resource: win7-20230831-en

Behavioral task
behavioral2
Sample: cfb70fdfe8a50fb80f2d00533c93e44fadde26fcf768b7244e5328c0a9ae7b25.exe
Resource: win10v2004-20230831-en

Malware Config
Extracted: amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
install_dir: b40d11255d
install_file: saves.exe
strings_key: fa622dfc42544927a6471829ee1fa9fe

Extracted: redline
Botnet: gena
C2: 77.91.124.82:19071
auth_value: 93c20961cb6b06b2d5781c212db6201e

Targets
Target: cfb70fdfe8a50fb80f2d00533c93e44fadde26fcf768b7244e5328c0a9ae7b25.exe
Size: 937KB
MD5: 4664598674dd7bc96fccd5eead500dc0
SHA1: ac5f98ac2e662b733896d3fbeee2a284466028cc
SHA256: cfb70fdfe8a50fb80f2d00533c93e44fadde26fcf768b7244e5328c0a9ae7b25
SHA512: 81296efc2ca7b478b07b9ec6d0ca7f812288dfd989620446f25a64e1ee94cd882c58c849039e9b9f93fd70511fd2ea427bb47f8a8134fea30782c16b300785bf
SSDEEP: 24576:4ylX+t8ASyt/xdpWB1T/VnhrBzNZkmlWza3EqMbE:/U8AJ/xdpWB5p5XZkh3

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process (1): Windows Service (1)
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)