General
Target: e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f
Size: 417KB
Sample: 240409-dspz8sch26
MD5: 6ac97d740fb5c90ede238029d8318688
SHA1: b097cc2912d08413a44a88fc04ac459bd74b3bad
SHA256: e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f
SHA512: 7b2a61d1567b29ff8e03ddf5d015b5ab4ca77dc901a2a5c69c9dd478dd65ab4b4ea70e6bf7b2f3c897aeb06938a376d1b7e4ea9662911d6a6f9ca5b5715d3b18
SSDEEP: 6144:lekZjybv1yL3TVNO6KtZ1e7ieg+BdOV1n8As8Pp+/XpkBaVjcSQzQ7/2kvT:lNjco3TxA3CierL8Ps0aVw8F
Static task: static1
Behavioral task: behavioral1
  Sample: e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Targets
Target: e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f
Size: 417KB
MD5: 6ac97d740fb5c90ede238029d8318688
SHA1: b097cc2912d08413a44a88fc04ac459bd74b3bad
SHA256: e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f
SHA512: 7b2a61d1567b29ff8e03ddf5d015b5ab4ca77dc901a2a5c69c9dd478dd65ab4b4ea70e6bf7b2f3c897aeb06938a376d1b7e4ea9662911d6a6f9ca5b5715d3b18
SSDEEP: 6144:lekZjybv1yL3TVNO6KtZ1e7ieg+BdOV1n8As8Pp+/XpkBaVjcSQzQ7/2kvT:lNjco3TxA3CierL8Ps0aVw8F
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Detects executables packed with ConfuserEx Mod
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
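As an added hunting example that is not part of the sandbox report: the script below turns the indicators above (the four file hashes, the extracted C2 socket 77.91.124.145:4125, and the location-check signature) into checks that run over host telemetry. The telemetry records, their field names, and the registry path assumed to be behind "Checks computer location settings" are this example's own assumptions; the report itself names no key.

```python
"""Match the indicators from this RedLine report against constructed telemetry.

Added example for this page, not the sandbox's own code. Hash, C2 and botnet
values are copied from the report; everything else here is an assumption.
"""
import hashlib

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "6ac97d740fb5c90ede238029d8318688",
    "sha1": "b097cc2912d08413a44a88fc04ac459bd74b3bad",
    "sha256": "e2979f971ed69314f95db618da853c7cb201c6ab21b46a6d7d3108f5741a0e0f",
    "sha512": "7b2a61d1567b29ff8e03ddf5d015b5ab4ca77dc901a2a5c69c9dd478dd65ab4b4"
              "ea70e6bf7b2f3c897aeb06938a376d1b7e4ea9662911d6a6f9ca5b5715d3b18",
}
C2_IP, C2_PORT = "77.91.124.145", 4125

# Assumption: the "Checks computer location settings" signature is treated as a
# registry read under the per-user locale/GeoID subtree. The report names no key.
GEO_KEY_FRAGMENT = r"\control panel\international\geo"


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_hashes(data: bytes) -> list:
    """Algorithms whose digest of `data` equals the report's value (exact match only)."""
    digests = hash_bytes(data)
    return [alg for alg, hexd in REPORT_HASHES.items() if digests[alg] == hexd]


def classify_connection(dst_ip: str, dst_port: int) -> str:
    """'high' for the exact C2 socket, 'medium' for the C2 IP on another port, else ''.

    The address alone is flagged at lower confidence so an analyst, not the
    script, decides whether a different port is the same infrastructure.
    """
    if dst_ip != C2_IP:
        return ""
    return "high" if dst_port == C2_PORT else "medium"


def reads_geo_key(reg_path: str) -> bool:
    """True when a registry query touches the assumed locale/GeoID subtree."""
    return GEO_KEY_FRAGMENT in reg_path.lower()


def scan(events: list) -> list:
    """Run every indicator over telemetry records.

    Each record is a dict with 'type' in {'file', 'net', 'reg'}; the field
    names are this example's own, not a real EDR schema.
    """
    findings = []
    for ev in events:
        if ev["type"] == "file":
            hit = match_hashes(ev["data"])
            if hit:
                findings.append(("high", ev["path"], "hash match: " + ",".join(hit)))
        elif ev["type"] == "net":
            sev = classify_connection(ev["dst_ip"], ev["dst_port"])
            if sev:
                findings.append((sev, ev["process"],
                                 f"C2 contact {ev['dst_ip']}:{ev['dst_port']}"))
        elif ev["type"] == "reg" and reads_geo_key(ev["key"]):
            findings.append(("low", ev["process"],
                             "GeoID lookup (possible geofence): " + ev["key"]))
    return findings


# Constructed telemetry for a dry run; none of it comes from the sandbox report.
# The file bytes are a placeholder, so no hash will match the real sample.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\Users\Public\loader.exe",
     "data": b"MZ placeholder bytes, not the real sample"},
    {"type": "net", "process": "loader.exe", "dst_ip": "77.91.124.145", "dst_port": 4125},
    {"type": "net", "process": "loader.exe", "dst_ip": "77.91.124.145", "dst_port": 443},
    {"type": "net", "process": "browser.exe", "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "reg", "process": "loader.exe",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
]

if __name__ == "__main__":
    for sev, where, what in scan(SAMPLE_EVENTS):
        print(f"[{sev:6}] {where}: {what}")
```

Exact hashes only identify this build; a repacked or re-obfuscated RedLine sample will miss every one of them, which is why the report also carries an SSDEEP value and why the network and registry checks matter more than the hash list for hunting.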