General
Target: 6cd5f5b8e78fb09444b9130509d80ee99e73a31cb3f26c8243218caf06953277
Size: 1.0MB
Sample: 230414-k1chfaaf9s
MD5: b95554058c029330cfc1aefe03b4e985
SHA1: 568e341d4f623f84ddb51dd6016b3a331072d433
SHA256: 6cd5f5b8e78fb09444b9130509d80ee99e73a31cb3f26c8243218caf06953277
SHA512: 20006c928701a7fecca369039e98774ebecbefaf6fa601638a708265a31796df27bed1e038112a1ee0df3508c675845b7e8324ed63a810d987833cbaa5c2bf04
SSDEEP: 24576:CyBMSXx59YMaNXFlwKBz+kgW1M70zJ149N79h4Q22jfSs:pBX59Yr7xhgW1XzJ1MN9hH22jf
Static task: static1
Behavioral task: behavioral1
Sample: 6cd5f5b8e78fb09444b9130509d80ee99e73a31cb3f26c8243218caf06953277.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
redline
lada
185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Targets
Target: 6cd5f5b8e78fb09444b9130509d80ee99e73a31cb3f26c8243218caf06953277
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application