General
Target: d895d3572910814cbdde2f48c16ec3fb15a07b2238bb7ec2685f004b527f2cbb
Size: 693KB
Sample: 221006-lvrkvahcap
MD5: e740fd2f754a367412bc27005e6aaccb
SHA1: c60104438c97d9966fa698162c82d2d2b2550c0b
SHA256: d895d3572910814cbdde2f48c16ec3fb15a07b2238bb7ec2685f004b527f2cbb
SHA512: d48992867d7032c918fe63bab2141c748c3308becbecf0b07a77370d0f33b1fbca542647f7898ccdd179fd23e2f6a90bc50b2b6d5f2a31060650c7883e55f5d3
SSDEEP: 12288:6S2QRXDD1yed0fsU4GSWaOvPESGj4s32xEdRCSTq:6S2Q9NXw2/wPOjdGxY
Static task: static1
Behavioral task: behavioral1
Sample: d895d3572910814cbdde2f48c16ec3fb15a07b2238bb7ec2685f004b527f2cbb.exe
Resource: win10v2004-20220812-en

Malware Config
Extracted: redline
h: 185.106.92.139:16578
auth_value: d5aafe5ab67bae4a3f7cda3b2e30f9b7
Targets
Target: d895d3572910814cbdde2f48c16ec3fb15a07b2238bb7ec2685f004b527f2cbb
Size: 693KB
MD5: e740fd2f754a367412bc27005e6aaccb
SHA1: c60104438c97d9966fa698162c82d2d2b2550c0b
SHA256: d895d3572910814cbdde2f48c16ec3fb15a07b2238bb7ec2685f004b527f2cbb
SHA512: d48992867d7032c918fe63bab2141c748c3308becbecf0b07a77370d0f33b1fbca542647f7898ccdd179fd23e2f6a90bc50b2b6d5f2a31060650c7883e55f5d3
SSDEEP: 12288:6S2QRXDD1yed0fsU4GSWaOvPESGj4s32xEdRCSTq:6S2Q9NXw2/wPOjdGxY
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.