General
- Target: 3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
- Size: 706KB
- Sample: 230414-k1wlbahc68
- MD5: 69a3dc0e5303dac4d5f5c21f5765e7ac
- SHA1: 522c8332d9dcda74157036a4b1d3537c1ffdc97e
- SHA256: 3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
- SHA512: a7e395864372600db914cc96b9c0ff5a8fd6eb7349cd5d8e0cfec0270d1afeead0bfe7067ec0a507737265064c73029dae08b84b5730e694a2f3bafc3d8ac0b6
- SSDEEP: 12288:SMrSy906RGxJ64V74lAiCCdqeOzVNdvGsVLsqQWmhQcjx/EpBT:wyjGbv94aiwhJXQW8njx/EpN
- Static task: static1
- Behavioral task: behavioral1
- Sample: 3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: redline
- lada
- 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Targets
- Target: 3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application