General

Target: slinkyloader.exe
Size: 17.5MB
Sample: 240427-xwla1aee73
MD5: 0e2e98f4e97316c7d6613bb10149fcf1
SHA1: dffa4e7ec86befeec114f7a7e5ceaf752e7b84f4
SHA256: bb250b5edfed1c3d0a8bac249f57ec5971b34d8435b7657bf3e57a73556ecfdd
SHA512: a232ee6ae96cf87fdc2633639474b27ac08bb691fbe690da151a761a167fffa555fd3da0a5ce7ca0b66097c5fb476890b754a8cf9527c5d8328b1550f71991a1
SSDEEP: 393216:1+c50Fa7K39n0LHOz3tcA/YFspJfUXvakYHQFSdbhALSVQtikwtW3Jigc:xot3uLuz3tM6rfUXCkYgU/VQti/W35
Static task: static1
Behavioral task: behavioral1
Sample: slinkyloader.exe
Resource: win10v2004-20240419-en
Malware Config

Extracted family: redline
Botnet: Fake Slinky
C2: ii-restored.gl.at.ply.gg:43416

The C2 hostname sits under ply.gg, the playit.gg tunnelling service, so the address it resolves to is the tunnel provider's edge rather than the operator's own host. Block and hunt on the hostname and port, not on the resolved IP, which can be shared with unrelated tunnel users.
Targets

Target: slinkyloader.exe (17.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload (this signature commonly co-fires on RedLine samples because the two .NET families share code; the configuration extracted from this sample is RedLine's)
- Checks computer location settings: looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence, so a detonation in an excluded locale may show no C2 traffic
- Executes dropped EXE
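The following script is an added example and is not part of the sandbox report. It turns the report's indicators into two checks a responder would run: comparing a file's digests against the hashes listed above, and scanning log lines for the extracted C2 (host and port) and for the registry lookup behind the "Checks computer location settings" signature. The log lines are constructed for the example, and the registry key used for the geofence check is an assumption about what that signature matches on.

```python
"""Triage helpers for the slinkyloader.exe report.

Added example (not part of the sandbox report). Hashes and C2 are copied
from the report; log lines below are constructed, not captured.
"""
import hashlib
import re

# Hashes exactly as listed in the report.
REPORT_HASHES = {
    "md5": "0e2e98f4e97316c7d6613bb10149fcf1",
    "sha1": "dffa4e7ec86befeec114f7a7e5ceaf752e7b84f4",
    "sha256": "bb250b5edfed1c3d0a8bac249f57ec5971b34d8435b7657bf3e57a73556ecfdd",
    "sha512": "a232ee6ae96cf87fdc2633639474b27ac08bb691fbe690da151a761a167fffa555fd3da0a5ce7ca0b66097c5fb476890b754a8cf9527c5d8328b1550f71991a1",
}

# C2 extracted from the RedLine config in the report.
C2_HOST = "ii-restored.gl.at.ply.gg"
C2_PORT = 43416

# Registry value the geofence signature is assumed to match on (assumption,
# not stated on the report page).
GEO_NATION_KEY = r"Control Panel\International\Geo\Nation"

# Constructed log lines for the example; not from the sandbox run.
SAMPLE_LOGS = [
    "10:00:01 dns query host=ii-restored.gl.at.ply.gg type=A",
    "10:00:02 proxy CONNECT ii-restored.gl.at.ply.gg:43416 status=200",
    "10:00:03 registry read HKCU\\Control Panel\\International\\Geo\\Nation",
    "10:00:04 dns query host=update.example.net type=A",
]


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed by algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matching_algorithms(digests: dict) -> list:
    """Names of algorithms whose digest equals the report's value (case-insensitive)."""
    return [alg for alg, want in REPORT_HASHES.items()
            if digests.get(alg, "").lower() == want]


# Indicator patterns: the full C2 hostname with an optional ":port" suffix, so a
# bare DNS lookup and a proxy CONNECT both match, plus the geofence registry key.
INDICATORS = {
    "redline_c2": re.compile(re.escape(C2_HOST) + r"(?::" + str(C2_PORT) + r")?\b", re.I),
    "geo_nation_lookup": re.compile(re.escape(GEO_NATION_KEY), re.I),
}


def scan_lines(lines) -> list:
    """Return (indicator_name, line) for every line matching a known indicator."""
    hits = []
    for line in lines:
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits


if __name__ == "__main__":
    # Compare an arbitrary file against the report; real sample not required.
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print("matching hashes:", matching_algorithms(digest_bytes(f.read())))
    for name, line in scan_lines(SAMPLE_LOGS):
        print(f"{name}: {line}")
```

Matching on the full hostname rather than the ply.gg suffix keeps the check specific to this sample; a suffix match would flag every playit.gg tunnel user on the network, which may be wanted for hunting but not for a blocking rule.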