General
-
Target
6f82a9078456e351f1e65e0d5ab74b1b
-
Size
2.3MB
-
Sample
240122-m6mlpsegep
-
MD5
6f82a9078456e351f1e65e0d5ab74b1b
-
SHA1
7092e685d7c8d029a67c6be55545cc7a24bc2ab5
-
SHA256
b9bc364bca05ec2d2a55ac9689a75e6c5006137f1381a593135e723982ab964b
-
SHA512
45b5beac3cbdd12838093ca309ab490cc94fe2985df9c96fce0b7393628b89c94dbc566e1c64fe88b55086a2c123ce417dcb21b69caef22c8a08ebc83867c796
-
SSDEEP
49152:f5+hFr/Hq27Xhsqevtp+LuMwW6AcbDiJL6lhSy5Auxiz8lVHTIioOFZQ+U:f5aFrDROvtphMwBip6fSy5JxiqZ7U
Static task
static1
Behavioral task
behavioral1
Sample
6f82a9078456e351f1e65e0d5ab74b1b.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
6f82a9078456e351f1e65e0d5ab74b1b.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
redline
@whizzkid1
77.220.214.232:13459
Targets
Target
6f82a9078456e351f1e65e0d5ab74b1b
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-