General
Target: 5956d4f7e7ee67784eb1144040e52b5d
Size: 2.3MB
Sample: 240113-y76azsdeem
MD5: 5956d4f7e7ee67784eb1144040e52b5d
SHA1: de6fb74735924dcf2463719652a9197b83dfff08
SHA256: 3bd79a5e14e5c1d9d33230d737e40c877c1bcf5eaa750fbf15eb9791b88a544c
SHA512: d0a3069288fac6a86f476c0de03cf9d3174e4a3603519e6d20022335334741b0f2e101988e0c1770d8bbc3acf592618490e29598f549765dc67c4e8a6852a30c
SSDEEP: 49152:U5+hFCjbRCWEiyOqB9XNusVlAHrj6zjWxiz8lVHTIioOFZQ+Z:U5aF8CMY/3luOWxiqZ7Z
Static task: static1
Behavioral task: behavioral1
Sample: 5956d4f7e7ee67784eb1144040e52b5d.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5956d4f7e7ee67784eb1144040e52b5d.exe
Resource: win10v2004-20231222-en
Malware Config
Extracted: redline
@kosmostarsz
77.220.214.232:13459
Targets
Target: 5956d4f7e7ee67784eb1144040e52b5d
Size: 2.3MB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL