General
Target: redline_12499579432.zip
Size: 347KB
Sample: 231024-zhay8aac5s
MD5: 197927a8c5fe819ec21f78b68f0a1c43
SHA1: f57e6b64a7b7f18fc14bed28ab938931080fe116
SHA256: 8b2bd13e6c8e3d7f748bacffa323a049ecc1207cc79396824b786debf22e5b15
SHA512: a73b0b66bcaeee433d6e504807d3f3fdd9220dd0eef8543204cd50a45c955aff86ac1e1dd8061d75e990230e1551bac4cdb6d8d58d708b85fb9baee187faa333
SSDEEP: 6144:En2cwyB0STN6A1r/+fwRamM5NNTi/a010H6d689XMDDrG:62cwyVTN6eC4RtMfB40aM89XMDDrG
Static task: static1

Behavioral task: behavioral1
Sample: d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @mr_golds)
109.107.185.135:9303
auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Targets
Target: d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248
Size: 463KB
MD5: 0d9f444b57f4c8b34a6bc4f89561f943
SHA1: 0b0123d06d46aa035e8f09f537401ccc1ac442e0
SHA256: d2f321fb9e5150f231d82d0fb0fbf52350cf2edd131ab960601d9b6832a7e248
SHA512: 3164fe048680474c83f9c8a288e709aae321b3bfb0db13d5b28774f382c5448a0b9d31dd1370204b453531e522b697c6acb7b51099fccd834c8216cf1421da08
SSDEEP: 12288:JcrNS33L10QdrXZT+tcWnyrNz+9prWlNW:0NA3R5drX/Wii9Gk
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext