General

Target: 299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
Size: 353KB
Sample: 230605-lwjavsfg74
MD5: a3d79b9863f5a98814552b1e39e3cf20
SHA1: fba3cbe828ee47e92b20f11a79047c9a67a6d314
SHA256: 299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
SHA512: 8494b667d3f5581e9fcf001f6106b28d077a50e6fdb9bf62b2474cf7c59b05a696ea6294884f9c18a912058d15254db0be077d43f400d1cba66ea90d92a6586a
SSDEEP: 6144:y2sdlrA77AwnG7rFvvLgRLnpPwbxopSJwSRoiuWb:yy77Aw2dCbpPGZJbB
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84.exe
  Resource: win10-20230220-en
Malware Config

Extracted family: redline
Botnet: @Chicago
C2: 185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets

Target: 299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84
Size: 353KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General above.
Score: 10/10

Signatures

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence: the sample reads the locale before doing anything else, which is consistent with stealers that refuse to run in selected countries. The report records the lookup only, not which countries are excluded.

Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of a (normally suspended) thread, including its instruction pointer. Legitimate software rarely needs it; it is the API step in process hollowing and thread-hijack injection that redirects a victim thread into injected code. The report records the call, not the target process.
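The following is an added triage helper; it is not part of the sandbox report and is not RedLine code. It takes the indicators extracted above (the file hashes and the C2 ip:port) and does what an analyst does next with them: hashes a local file and compares it against the report, scans connection logs for the C2 endpoint (exact ip+port, and same IP on another port as a lower-confidence hit), and emits a Suricata rule. The Zeek-style conn.log lines, the 10.0.0.x hosts and the sid 1000001 are constructed assumptions for the example.

```python
"""Added triage helper, not part of the sandbox report or RedLine itself.

Uses the indicators extracted above (file hashes, C2 ip:port) to hash and
compare a local file, scan connection logs for the C2, and emit a Suricata
rule. All log lines below are constructed for the example.
"""
import hashlib
import ipaddress
from dataclasses import dataclass

# Indicator values copied from the report above.
REPORT_HASHES = {
    "md5": "a3d79b9863f5a98814552b1e39e3cf20",
    "sha1": "fba3cbe828ee47e92b20f11a79047c9a67a6d314",
    "sha256": "299f5ab23fbfbf27a228038da5c7f2275920356aab33fc64a31cccf0d30ffc84",
}
REDLINE_C2 = "185.81.68.115:2920"


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Parse the extractor's 'ip:port' string. Raises ValueError for a hostname
    or a port outside 1-65535, so a malformed config line is not silently used."""
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {value!r}")
    ipaddress.IPv4Address(host)  # ValueError if not an IPv4 literal
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"bad port in {value!r}")
    return C2Endpoint(host, port_num)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's contents, keyed the same way as the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(hashes: dict) -> bool:
    """Exact-file match. SHA256 is authoritative; MD5/SHA1 are cross-checked when
    present so a mismatch in a weaker hash flags a tampered or partial record."""
    if hashes.get("sha256", "").lower() != REPORT_HASHES["sha256"]:
        return False
    for alg in ("md5", "sha1"):
        if alg in hashes and hashes[alg].lower() != REPORT_HASHES[alg]:
            return False
    return True


# Constructed Zeek-style conn.log excerpt (tab-separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto). Not from the report.
CONSTRUCTED_CONN_LOG = """\
1685968000.123\tCkx1a\t10.0.0.15\t51234\t185.81.68.115\t2920\ttcp
1685968001.456\tCkx1b\t10.0.0.15\t51235\t142.250.72.46\t443\ttcp
1685968002.789\tCkx1c\t10.0.0.22\t51236\t185.81.68.115\t2920\ttcp
1685968003.000\tCkx1d\t10.0.0.22\t51237\t185.81.68.115\t8080\ttcp
"""


def find_c2_connections(lines, c2: C2Endpoint) -> list:
    """One hit per line whose responder IP is the C2. ip+port is an 'exact' hit;
    the same IP on another port is 'ip-only' (worth a look, lower confidence)."""
    hits = []
    for line in lines:
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != c2.ip:
            continue
        confidence = "exact" if int(resp_p) == c2.port else "ip-only"
        hits.append({"ts": ts, "src": orig_h, "dst_port": int(resp_p),
                     "confidence": confidence})
    return hits


def suricata_rule(c2: C2Endpoint, sid: int = 1000001) -> str:
    """Outbound-connection rule for the C2. The sid is an assumption: pick one
    from your own local range before deploying."""
    return (
        f"alert tcp $HOME_NET any -> {c2.ip} {c2.port} "
        f'(msg:"RedLine C2 connection {c2.ip}:{c2.port}"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    c2 = parse_c2(REDLINE_C2)
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG.splitlines(), c2):
        print(hit)
    print(suricata_rule(c2))
    print(matches_report(file_hashes(b"constructed stand-in, not the sample")))
```

Run it as a script to see the three hits (two exact, one ip-only on port 8080) and the generated rule; to check a real file, pass its bytes to file_hashes and then matches_report. The ip-only hit is kept deliberately: RedLine operators reuse a server across builds with different ports, so a port mismatch alone should not clear a host.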