General
Target: 5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257.bin
Size: 1.7MB
Sample: 230507-c2t5waee97
MD5: 6ba8dd0fa24edb74b3b65408350656e3
SHA1: a59ffd4d56bf61bfb08fd10075c82a3850ab09cb
SHA256: 5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257
SHA512: f86901b48a6448f1c7db170d4c1c535451ecdf85b34e3e83490ba042562ee9508fe8b69960360737ce472334df5184699be5ad84beada1a3d7a8269aad5bdc21
SSDEEP: 24576:Xy7No6HnQiRpB5Tdq+ptpuPJtPPaVRS8fTL/7soVZquYaGFDbBDAS3:i7No6HnHV3qMtA3na/PfDsoIa8bBDAS
Static task: static1
Behavioral task: behavioral1
Sample: 5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
Family: redline
Botnet: most
C2: 185.161.248.73:4164
auth_value: 7da4dfa153f2919e617aa016f7c36008
Targets
Target: 5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257.bin
Size: 1.7MB
MD5: 6ba8dd0fa24edb74b3b65408350656e3
SHA1: a59ffd4d56bf61bfb08fd10075c82a3850ab09cb
SHA256: 5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257
SHA512: f86901b48a6448f1c7db170d4c1c535451ecdf85b34e3e83490ba042562ee9508fe8b69960360737ce472334df5184699be5ad84beada1a3d7a8269aad5bdc21
SSDEEP: 24576:Xy7No6HnQiRpB5Tdq+ptpuPJtPPaVRS8fTL/7soVZquYaGFDbBDAS3:i7No6HnHV3qMtA3na/PfDsoIa8bBDAS
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
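The signatures above are sandbox verdicts; on a real host the same behaviour surfaces as endpoint telemetry. The following is an added example (not the sandbox vendor's code and not derived from the sample) that maps the report's indicators onto Sysmon-style events: the C2 socket and SHA-256 are the report's own values, while the event records, file paths and the Run-key pattern are constructed for illustration. "Dropped" is tracked statefully: a path seen in a FileCreate (ID 11) is remembered so that a later ProcessCreate (ID 1) or ImageLoad (ID 7) of that path is tied back to the drop, which is what "Executes dropped EXE" and "Loads dropped DLL" mean in the report.

```python
"""Map the sandbox signatures above onto Sysmon-style host telemetry.

Added example for this report, not code from the sandbox vendor or the
sample. The C2 socket and SHA-256 are the report's own values; the event
records are constructed to illustrate the rules and are not from the run.
The Run-key path is an assumption about where the persistence shows up.
"""
import re

# Indicators lifted from the extracted RedLine config and the hash table.
REDLINE_C2 = ("185.161.248.73", 4164)
SAMPLE_SHA256 = "5f2a6559af38f363acdab3adc6fb935ae23523c7b80012a78b9722649034d257"

# Assumed: a value set under Run/RunOnce in any hive (Sysmon writes HKU\<SID>\... or HKLM\...).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)


def _sha256_of(hashes_field):
    """Sysmon's Hashes field is 'SHA256=...,MD5=...'; return the SHA-256 lower-cased, or None."""
    for part in hashes_field.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def hunt(events):
    """Walk events in order and return (rule, detail) findings.

    Paths seen in FileCreate (ID 11) are remembered so that a later
    ProcessCreate (ID 1) or ImageLoad (ID 7) of the same path is reported
    as execution/loading of a dropped file rather than of an arbitrary one.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            if _sha256_of(ev.get("Hashes", "")) == SAMPLE_SHA256:
                findings.append(("Known sample hash (SHA-256)", ev["Image"]))
            if ev["Image"].lower() in dropped:
                findings.append(("Executes dropped EXE", ev["Image"]))
        elif eid == 7:
            if ev["ImageLoaded"].lower() in dropped:
                findings.append(("Loads dropped DLL", ev["ImageLoaded"]))
        elif eid == 13:
            if RUN_KEY_RE.search(ev["TargetObject"]):
                findings.append(("Adds Run key to start application", ev["TargetObject"]))
        elif eid == 3:
            if (ev["DestinationIp"], int(ev["DestinationPort"])) == REDLINE_C2:
                findings.append(("RedLine C2 connection", f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return findings


# Constructed Sysmon-like records (not from the sandbox run); field names follow Sysmon's schema.
_DROPPER = r"C:\Users\victim\Downloads\sample.exe"
_DROPPED_EXE = r"C:\Users\victim\AppData\Local\Temp\update.exe"
_DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\update.dll"

SAMPLE_EVENTS = [
    # Sysmon emits hash hex in upper case; the matcher normalises it.
    {"EventID": 1, "Image": _DROPPER, "Hashes": "SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 11, "Image": _DROPPER, "TargetFilename": _DROPPED_EXE},
    {"EventID": 11, "Image": _DROPPER, "TargetFilename": _DROPPED_DLL},
    {"EventID": 1, "Image": _DROPPED_EXE, "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 7, "Image": _DROPPED_EXE, "ImageLoaded": _DROPPED_DLL},
    {"EventID": 13, "Image": _DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": _DROPPED_EXE},
    {"EventID": 3, "Image": _DROPPED_EXE, "DestinationIp": "185.161.248.73", "DestinationPort": 4164},
    # Benign control: a browser talking HTTPS to an unrelated (TEST-NET-3) address.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

One signature deliberately has no rule here: "Checks computer location settings" is a registry read, and Sysmon records only key creation/deletion (ID 12), value writes (ID 13) and renames (ID 14), so the geofence lookup is only visible in the sandbox or in an EDR that captures registry queries. The C2 match is also only as durable as the infrastructure; treat 185.161.248.73:4164 as a point-in-time indicator and lean on the behavioural rules (drop-then-execute, Run key) for longer-lived coverage.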