General

Target: fdd32fae409ceadca1e43d1f61b0cc8cf130fa85ff873455585b170133fce290
Size: 703KB
Sample: 230414-kzamfshc63
MD5: 85ed747a3ee1e13974a0907dc8346f82
SHA1: 6ff2e38f49744b763b8e1a399752a071b7839ddd
SHA256: fdd32fae409ceadca1e43d1f61b0cc8cf130fa85ff873455585b170133fce290
SHA512: b3cc7ca7555d3304a590e7bb09b7bf81fb49ca491de6323a25cb7beef2a843722c4f846c42067f9cbf6213f60d94a111a0226158598f8567ceabc4c9f22a37d9
SSDEEP: 12288:GMrly90bZOLqmh14XyS4OiRHFp3atCj1YKC9NlsV+HeMjalUsUuQK2q7JTmB5WM:TykOjhqXqxlNP1I9NQ7guiq7JKB5WMqv
Static task: static1
Behavioral task: behavioral1
  Sample: fdd32fae409ceadca1e43d1f61b0cc8cf130fa85ff873455585b170133fce290.exe
  Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: lada
C2: 185.161.248.90:4125
auth_value: 0b3678897547fedafe314eda5a2015ba
Targets

Target: fdd32fae409ceadca1e43d1f61b0cc8cf130fa85ff873455585b170133fce290
Size: 703KB
MD5: 85ed747a3ee1e13974a0907dc8346f82
SHA1: 6ff2e38f49744b763b8e1a399752a071b7839ddd
SHA256: fdd32fae409ceadca1e43d1f61b0cc8cf130fa85ff873455585b170133fce290
SHA512: b3cc7ca7555d3304a590e7bb09b7bf81fb49ca491de6323a25cb7beef2a843722c4f846c42067f9cbf6213f60d94a111a0226158598f8567ceabc4c9f22a37d9
SSDEEP: 12288:GMrly90bZOLqmh14XyS4OiRHFp3atCj1YKC9NlsV+HeMjalUsUuQK2q7JTmB5WM:TykOjhqXqxlNP1I9NQ7guiq7JKB5WMqv
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application