General
- Target: 933f9395d32b29c81cd5f3d447879cf422737aeff132f5712c5cd56144a8dc70
- Size: 588KB
- Sample: 230420-q3phnscb7x
- MD5: c974267895ad22f05bc9f3079bfc6150
- SHA1: e7ca397dc564039b8182f414627a27db524040f5
- SHA256: 933f9395d32b29c81cd5f3d447879cf422737aeff132f5712c5cd56144a8dc70
- SHA512: a2863a864719eaa0063fc0d57919eb249039ca2e0499e0437bdb4424015ccf56a881e28c495179bfa115435ece33e44381f95d0483aeb62d896e8eb4e3efc38a
- SSDEEP: 12288:ExLaKwfCEgWtLkyEYP+PiZbnRtZdmYyG8CVr:EBaqEgaEpqZbR5mRLCV
Static task: static1
Behavioral task: behavioral1
- Sample: 933f9395d32b29c81cd5f3d447879cf422737aeff132f5712c5cd56144a8dc70.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
- redline
- lada
- 185.161.248.90:4125
- auth_value: 0b3678897547fedafe314eda5a2015ba
Targets
- Target: 933f9395d32b29c81cd5f3d447879cf422737aeff132f5712c5cd56144a8dc70
- Size: 588KB
- MD5: c974267895ad22f05bc9f3079bfc6150
- SHA1: e7ca397dc564039b8182f414627a27db524040f5
- SHA256: 933f9395d32b29c81cd5f3d447879cf422737aeff132f5712c5cd56144a8dc70
- SHA512: a2863a864719eaa0063fc0d57919eb249039ca2e0499e0437bdb4424015ccf56a881e28c495179bfa115435ece33e44381f95d0483aeb62d896e8eb4e3efc38a
- SSDEEP: 12288:ExLaKwfCEgWtLkyEYP+PiZbnRtZdmYyG8CVr:EBaqEgaEpqZbR5mRLCV
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE