General
-
Target
230906-x5evksbc6s_pw_infected.zip
-
Size
1.4MB
-
Sample
230907-lq3gjsgc9t
-
MD5
9ff5a973313de3b6f0fca69610843bd7
-
SHA1
4235d575d0223bae47b4677c7ca89dcb8ca9089c
-
SHA256
2ca32965e9d45430043a94d612edf4a3c5ca6f206c39155d5bd56390da3849c2
-
SHA512
9ddae909c59a100f6726fcbb354e937b10bacbcda8e12e737a726623907ab1c95589a67295ac6a986f47ba17e1c046d0564ac68cbe82dbd71ec7d44ec5e7b1d1
-
SSDEEP
24576:yWbQaZHgUIlfbUBfGHZUXcI57akKrR1Q1O1ZFRQ8nh9B5tvdI2uBtSLp9jCttT7b:FcaZAUIlo8HIcI57akKPQ+7m89l1u/Sc
Static task
static1
Behavioral task
behavioral1
Sample
y6467268_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
y6467268_JC.exe
Resource
win10v2004-20230831-en
Malware Config
Extracted
amadey
3.87
77.91.68.18/nice/index.php
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
Extracted
redline
gena
77.91.124.82:19071
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
-
Target
y6467268_JC.exe
-
Size
1.4MB
-
MD5
ddb5fe9c48ec02d43fe40e3be0fb6972
-
SHA1
adaa8c52351c2412be289f2179ec5ecd7d5c1fcb
-
SHA256
688dfa93e23ecdf662eab782b42fad8732a4a1fa2d39b0a9be1f0c19efb3ede7
-
SHA512
6f6eb01817abaa514f9d989a0339760ed29e64aba390b2214562f36314c3173275bf0b249c50f613e6560169b99d9151f85f8b2abb544ecc91d01a3e3c9eab7a
-
SSDEEP
24576:lyj3+xivG7etKyElnVkgoog/HvHSqOUc1rPM16pHhVno8/2zoIpqDdfO5Bmbs74s:Aj3+gvGytKyElVjo1PvTOtE1YVvrfdX2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-