General
- Target: 3492109e6402567ad87451c72a554d3f112b5f59f3fb97e84082a767c2c76108.exe
- Size: 384KB
- Sample: 240725-x38d4ssgra
- MD5: 2ff5a03dff94e3d9cb079b4da0e57cf5
- SHA1: d6483a3b778de602ba2c5657ca8efa2a0b75e3de
- SHA256: 3492109e6402567ad87451c72a554d3f112b5f59f3fb97e84082a767c2c76108
- SHA512: 34cd550664d44cb43d49ca060fe02f59cf19e0555adfe0f188b4f0877e6408b09ec5087ed606e0c7e7b39ec1d10f8305268337048b73bf36e9d67b6d64960f41
- SSDEEP: 6144:++pLw3TFfhAvLp2z62Dpl+X9Z+nD0nYwL6Q9HL6QGI7:BpLITFaKtuX9QnDmjj9rjGI
Static task: static1
Behavioral task: behavioral1
- Sample: 3492109e6402567ad87451c72a554d3f112b5f59f3fb97e84082a767c2c76108.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- Family: redline
- Botnet: 03252020
- C2: 62.204.41.166:27688
- auth_value: 615a24be0b062774496a554724a2fe2b
Extracted
- Family: arkei
- Botnet: Default
- C2: 62.204.41.69/p8jG9WvgbE.php
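The two extracted configs give two differently shaped indicators: the RedLine C2 is a bare host:port (it talks its own TCP protocol), while the Arkei C2 is an HTTP gate URL. The block below is an added example, not part of the sandbox report, showing how a responder would turn both into a hunt over firewall connection records and proxy access records. The log lines and their field layout are constructed for illustration; only the IP, port and path values come from the report above.

```python
"""Hunt for the extracted RedLine / Arkei C2 indicators in constructed log lines."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicator values taken from the extracted configs in the report.
IOCS = {
    "redline": {"ip": "62.204.41.166", "port": 27688},
    "arkei": {"ip": "62.204.41.69", "path": "/p8jG9WvgbE.php"},
}

# Constructed sample logs (NOT from the report): firewall "conn" records and proxy records.
SAMPLE_LOGS = [
    "2024-07-25T14:03:11Z fw conn src=10.0.0.14:49213 dst=62.204.41.166:27688 proto=tcp",
    "2024-07-25T14:03:12Z fw conn src=10.0.0.14:49214 dst=93.184.216.34:443 proto=tcp",
    "2024-07-25T14:03:15Z proxy src=10.0.0.14 method=POST url=http://62.204.41.69/p8jG9WvgbE.php status=200",
    "2024-07-25T14:04:01Z fw conn src=10.0.0.22:50001 dst=62.204.41.166:443 proto=tcp",
    "2024-07-25T14:04:05Z proxy src=10.0.0.22 method=GET url=http://62.204.41.69/ status=404",
]

# Field layouts are an assumption of this example, matching the constructed lines above.
FW_RE = re.compile(r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")
PROXY_RE = re.compile(r"src=(?P<src>[\d.]+) .*url=(?P<url>\S+)")


@dataclass
class Hit:
    family: str
    src: str
    confidence: str
    line: str


def classify(line: str) -> Optional[Hit]:
    """Match one log line against the C2 indicators; None if nothing matches."""
    m = FW_RE.search(line)
    if m:
        dst, dport = m["dst"], int(m["dport"])
        if dst == IOCS["redline"]["ip"]:
            # Exact ip:port is high confidence; same host on another port is weaker
            # (shared hosting or a rotated port) and should be triaged, not auto-blocked.
            conf = "high" if dport == IOCS["redline"]["port"] else "medium"
            return Hit("redline", m["src"], conf, line)
        if dst == IOCS["arkei"]["ip"]:
            return Hit("arkei", m["src"], "medium", line)
        return None
    m = PROXY_RE.search(line)
    if m:
        host_path = m["url"].split("://", 1)[-1]
        host, _, path = host_path.partition("/")
        host = host.split(":")[0]  # drop an explicit port if the URL carries one
        path = "/" + path
        if host == IOCS["arkei"]["ip"]:
            # Exact gate path is high confidence; any other request to the host is medium.
            conf = "high" if path == IOCS["arkei"]["path"] else "medium"
            return Hit("arkei", m["src"], conf, line)
    return None


def scan(lines) -> List[Hit]:
    """Return every hit, in log order, so affected hosts can be listed for containment."""
    return [h for h in map(classify, lines) if h]


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"{h.family:8} {h.confidence:6} host={h.src}  {h.line}")
```

Run against real logs, the medium-confidence tier is what keeps a shared IP from producing an automatic block list; the high tier (exact port or exact gate path) is what a practitioner would feed straight into a blocking rule.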
Targets
- Target: 3492109e6402567ad87451c72a554d3f112b5f59f3fb97e84082a767c2c76108.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext: the API sequence commonly seen in process hollowing, where a process is created suspended, its memory is overwritten, and its main thread is redirected to the injected code before being resumed.
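The "Suspicious use of SetThreadContext" signature is only meaningful together with the calls around it: creating a child with CREATE_SUSPENDED, writing into it, redirecting its thread, then resuming. The block below is an added example, not part of the sandbox report and not the trace of this sample, showing how a detection engineer would correlate that sequence per child process in an API trace. The trace tuples and their field names are constructed for illustration; the CREATE_SUSPENDED value is the documented Win32 constant.

```python
"""Correlate a process-hollowing API sequence in a constructed sandbox API trace."""

CREATE_SUSPENDED = 0x00000004  # Win32 process creation flag

# Constructed trace (NOT from the report): (caller_pid, api, args).
# pid 1200 hollows a suspended child; pid 1400 calls SetThreadContext on itself (benign here).
TRACE = [
    (1200, "CreateProcessW", {"image": r"C:\Windows\System32\notepad.exe", "flags": 0x4, "child_pid": 1316}),
    (1200, "NtUnmapViewOfSection", {"pid": 1316}),
    (1200, "VirtualAllocEx", {"pid": 1316, "protect": 0x40}),
    (1200, "WriteProcessMemory", {"pid": 1316, "size": 0x52000}),
    (1200, "SetThreadContext", {"pid": 1316}),
    (1200, "ResumeThread", {"pid": 1316}),
    (1400, "CreateProcessW", {"image": r"C:\Windows\System32\cmd.exe", "flags": 0x0, "child_pid": 1520}),
    (1400, "SetThreadContext", {"pid": 1400}),
]

# The stages must occur in this order for the same suspended child; other calls in between are allowed.
STAGES = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def find_hollowing(trace):
    """Return [(parent_pid, child_pid, image)] for every child that completed all stages in order."""
    progress = {}    # child_pid -> index of the next expected stage
    child_info = {}  # child_pid -> (parent_pid, image path)
    hits = []
    for pid, api, args in trace:
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            child = args["child_pid"]
            progress[child] = 1            # stage 0 (suspended create) is satisfied
            child_info[child] = (pid, args["image"])
            continue
        child = args.get("pid")
        # Only the parent that created the suspended child advances its state machine.
        if child not in progress or pid != child_info[child][0]:
            continue
        idx = progress[child]
        if idx < len(STAGES) and api == STAGES[idx]:
            progress[child] = idx + 1
            if progress[child] == len(STAGES):
                parent, image = child_info[child]
                hits.append((parent, child, image))
    return hits


if __name__ == "__main__":
    for parent, child, image in find_hollowing(TRACE):
        print(f"process hollowing: pid {parent} -> suspended child {child} ({image})")
```

Keying the state machine on the suspended child, and requiring the caller to be that child's creator, is what separates hollowing from the many legitimate SetThreadContext callers (debuggers, profilers, a process adjusting its own threads): the second process in the trace touches SetThreadContext but never completes the sequence and is not reported.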