General
Target: 25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
Size: 699KB
Sample: 240319-xgcejsbf82
MD5: c6f4ffde851054ec2871e72833cd9d59
SHA1: e688103c4fa3ca815732f0f70f37d11f69232e04
SHA256: 25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
SHA512: 47264796515d6ef559b9f33f68011230ba242f5edfc47ea28cc1f788930a6e42f42c7c2963bf727ab67e86e859ae877a139af91dd0e7e95581a69888ad192fe4
SSDEEP: 12288:bzcNWKoGVk6ax2GqvIWa5t6rsKjovt4E+P81XX2y5CNjyg6O:sL3+7x2I/KjM0P81XXVMegZ
Static task: static1
Behavioral task: behavioral1
  Sample: 25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: 25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7.exe
  Resource: win11-20240214-en
Malware Config
Extracted: redline
  fud
  45.15.156.7:48638
  auth_value: da2faefdcf53c9d85fcbb82d0cbf4876
Targets
Target: 25502cd9907336216d2733d966787f67c47a6ea07a7895a4fa9f26e9206dd0e7
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext