General
- Target: z5584583_JC.exe
- Size: 931KB
- Sample: 230906-x69fksbc89
- MD5: 1b50a5485c6c287bc4f5f93260ce1539
- SHA1: 974ea62171812b8db43d7e996646dfa71dc9dd11
- SHA256: 983227c64ef1cb2a8f223f11a846e68dbf5e3fc11a7671c155ce18780d32bb5e
- SHA512: 2e05d09e9f6d4eebdfc3cf401ec68547773f3d774f37869289cf9dc5e3a1b2b44f98306b720e536ba7d6ba7610804fb669b820682dc7d35e67d7332f02d847e0
- SSDEEP: 24576:hy2VWAn7WGzG8TwRIqnoOreMzh4t1kS45b/4gv:UcWAn62G8TeIqZPStOP
Static task: static1
Behavioral task: behavioral1
- Sample: z5584583_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: z5584583_JC.exe
- Resource: win10v2004-20230831-en
Malware Config
Extracted: amadey
- Version: 3.87
- C2: 77.91.68.18/nice/index.php
- install_dir: b40d11255d
- install_file: saves.exe
- strings_key: fa622dfc42544927a6471829ee1fa9fe
Extracted: redline
- Botnet: gena
- C2: 77.91.124.82:19071
- auth_value: 93c20961cb6b06b2d5781c212db6201e
Targets
- Target: z5584583_JC.exe (size and hashes as listed under General)
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)