General
-
Target
3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a
-
Size
61KB
-
Sample
241017-yrxc5stclf
-
MD5
4fdb0cd943aeaff2fd30dc6ca6fd316a
-
SHA1
7a1fada1fc7b03f16c101016e02e3bdc72d907c2
-
SHA256
3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a
-
SHA512
0807faca2ea3b49c9334bf85c10fa11485cd6de91997a78615b16c9fe8aab58b153160e607f18e64daf864a7425a61cc9c7fb5c6f319a51885329c269e907dec
-
SSDEEP
1536:qY//xqZdFOiPPlFNfypFRX7WsF0MtJjPLy:qoxw1PFqL3PjPLy
Static task
static1
Behavioral task
behavioral1
Sample
3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
test
50.116.53.64:3214
Targets
-
-
Target
3168addd4309d56c314d003634a3f186276d86eaf27da0cfb08512fe95dbb13a
Score 10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-