General
Target: b514ed376c311f2273b95a856762a103bea06d193394e539733b6df70cc5ec4f_JC.exe
Size: 865KB
Sample: 231001-y8ngkafa62
MD5: 9208d801174d1519ebd285c29622fe2e
SHA1: 15cc48c7d57d84f7923c8f66cab0046536f981b8
SHA256: b514ed376c311f2273b95a856762a103bea06d193394e539733b6df70cc5ec4f
SHA512: e159a367c66fd75c30d01298140371d046166c0eafba69ab9eb55d4547fb098aa9e53fb068fa3bd81a86d83071172840e2b717cef03bbbddef922bea45d80b67
SSDEEP: 12288:OMr8y90RKh4r3zQQsIFlIWQLfgGGm4zxWjKfzKJOXBtXum4U+Jj7upN9px3motit:myR4rjjoWqfDG06zoUanX49px3ALZ
Static task: static1
Behavioral task: behavioral1
  Sample: b514ed376c311f2273b95a856762a103bea06d193394e539733b6df70cc5ec4f_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: b514ed376c311f2273b95a856762a103bea06d193394e539733b6df70cc5ec4f_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
  gruha
  77.91.124.55:19071
  auth_value: 2f4cf2e668a540e64775b27535cc6892
Extracted: amadey
  3.89
  http://77.91.124.1/theme/index.php
  http://77.91.68.78/help/index.php
  install_dir: fefffe8cea
  install_file: explothe.exe
  strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
Target: b514ed376c311f2273b95a856762a103bea06d193394e539733b6df70cc5ec4f_JC.exe
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext