General
Target: 5c0d367fab1bd7c499b318e81980b717
Size: 2.3MB
Sample: 240115-ebjmkahfg4
MD5: 5c0d367fab1bd7c499b318e81980b717
SHA1: 540b90260ed89b4c0d8330c851dd542af52a7d0c
SHA256: 70a7b4539fd77466de9aebe4d1e8eca3282df072e12fb8c95f5906d611febc5f
SHA512: 4c99d846cf8e9c8c2209d3373c870e5e7663cfd2d5961d31d04457aebcaf6444faa46ae2e58b4237d2158b1f25123634b4c0fe7c6f6930192b957786d9b9fbb2
SSDEEP: 49152:s5+hF7EUttWAykEbkd9yhJKyB67kuqgcM/mmtr9xiz8lVHTIioOFZQ+z:s5aFr/eAiJKyo7kuN/ZtBxiqZ7z
Static task: static1
Behavioral task: behavioral1
  Sample: 5c0d367fab1bd7c499b318e81980b717.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 5c0d367fab1bd7c499b318e81980b717.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: redline
  @vodi4ka228
  45.14.49.109:54819
Targets
Target: 5c0d367fab1bd7c499b318e81980b717
Size: 2.3MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL