General
Target: 15f1bb02ce136666cc8e01c262598d2b
Size: 2.3MB
Sample: 231225-l4gf8sdad6
MD5: 15f1bb02ce136666cc8e01c262598d2b
SHA1: 3f31503cc9435bd992a995802832f13bd3d33ef1
SHA256: 3aec785475880404e178721637b1a15a4990ba20af83b1c42db8d73924fa8563
SHA512: 47cfba10258b5cc961abb4364479c2d79d4735a4fd61e4fabf51f695e54bccf1714d7a2f0a4f2a0442f637770c849aabfce0a473f8d2271007c8148ca0567171
SSDEEP: 49152:Y5+hFdY/2Ypqe3xwW4wnndRgde6DJzw5/5M6xiz8lVHTIioOFZQ+C:Y5aFa+QxwtwndRMe2A/hxiqZ7C
Static task: static1
Behavioral task: behavioral1 (Sample: 15f1bb02ce136666cc8e01c262598d2b.exe; Resource: win7-20231215-en)
Behavioral task: behavioral2 (Sample: 15f1bb02ce136666cc8e01c262598d2b.exe; Resource: win10v2004-20231215-en)
Malware Config
Extracted: redline
- @keynejkee
- 45.12.213.248:36372
Targets
Target: 15f1bb02ce136666cc8e01c262598d2b (Size: 2.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL