General
-
Target
509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b
-
Size
774KB
-
Sample
241109-16cy6awncn
-
MD5
9028b1f75506452499767a5566dbcf67
-
SHA1
52d201831a209de01e4bec817595c97f14bc2fc2
-
SHA256
509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b
-
SHA512
80954e0a0c6469c83778e700a1305ce5b373de0396a76281d0cd188d089cbbdc059ec5c04eb84f1b7240e683b7257d893cb21ca94cb49898759a6f7190970331
-
SSDEEP
12288:Ay90O21B83A6eBMKMJp5O61eck1VGo/22YapfCbJCs9xxh5P:AyDWKxeBKFxk1VGQ9pfYCMF
Static task
static1
Behavioral task
behavioral1
Sample
509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
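Both extracted configs point at the same C2 endpoint and differ only in botnet ID and auth_value, so blocking or alerting should key on the host:port pair rather than on either token. The script below is an added example, not part of the sandbox report: it collects the values from the Malware Config section above, emits a Suricata rule for each unique C2, and matches constructed flow records (not real traffic) against that set.

```python
"""IOC handling for the RedLine configs extracted in this report (added example)."""
import ipaddress
from dataclasses import dataclass

# Copied from the General and Malware Config sections of the report.
SHA256 = "509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b"
MD5 = "9028b1f75506452499767a5566dbcf67"
EXTRACTED = [
    {"family": "redline", "botnet": "gena", "c2": "185.161.248.73:4164",
     "auth_value": "d05bf43eef533e262271449829751d07"},
    {"family": "redline", "botnet": "dark", "c2": "185.161.248.73:4164",
     "auth_value": "ae85b01f66afe8770afeed560513fc2d"},
]


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(spec: str) -> C2:
    """Split 'host:port'; the host is validated as an IP because these configs carry raw IPs."""
    host, _, port = spec.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on a non-IP host
    return C2(host, int(port))


def c2_set(configs) -> set:
    """Unique C2 endpoints across all extracted configs (deduplicates shared infrastructure)."""
    return {parse_c2(c["c2"]) for c in configs}


def suricata_rules(configs, base_sid: int = 1000001) -> list:
    """One alert rule per unique C2, naming the botnet IDs that share it (sids are assumed)."""
    rules = []
    for i, c2 in enumerate(sorted(c2_set(configs), key=lambda x: (x.host, x.port))):
        bots = ",".join(sorted(c["botnet"] for c in configs if parse_c2(c["c2"]) == c2))
        rules.append(
            f'alert tcp $HOME_NET any -> {c2.host} {c2.port} '
            f'(msg:"RedLine C2 (botnets {bots})"; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed flow records, "src_ip dst_ip dst_port proto"; not from any real capture.
SAMPLE_FLOWS = """\
10.0.0.5 142.250.74.78 443 tcp
10.0.0.5 185.161.248.73 4164 tcp
10.0.0.9 185.161.248.73 80 tcp
10.0.0.5 185.161.248.73 4164 tcp
"""


def match_flows(text: str, c2s: set) -> list:
    """Return (src, dst, port) for every flow that hits a known C2 host:port pair."""
    hits = []
    for line in text.splitlines():
        src, dst, port, _proto = line.split()
        if C2(dst, int(port)) in c2s:
            hits.append((src, dst, int(port)))
    return hits


if __name__ == "__main__":
    for rule in suricata_rules(EXTRACTED):
        print(rule)
    for hit in match_flows(SAMPLE_FLOWS, c2_set(EXTRACTED)):
        print("C2 contact:", hit)
```

Note that the third constructed flow (same host, port 80) is deliberately not matched: a host-only IOC would also catch it, which may or may not be wanted depending on whether the address is dedicated attacker infrastructure.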
Targets
-
-
Target
509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b
-
Size
774KB
-
MD5
9028b1f75506452499767a5566dbcf67
-
SHA1
52d201831a209de01e4bec817595c97f14bc2fc2
-
SHA256
509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b
-
SHA512
80954e0a0c6469c83778e700a1305ce5b373de0396a76281d0cd188d089cbbdc059ec5c04eb84f1b7240e683b7257d893cb21ca94cb49898759a6f7190970331
-
SSDEEP
12288:Ay90O21B83A6eBMKMJp5O61eck1VGo/22YapfCbJCs9xxh5P:AyDWKxeBKFxk1VGQ9pfYCMF
Score 10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
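Two of the behaviours flagged above, executing a dropped executable and adding a Run key, can be reproduced from host telemetry. The script below is an added example, not the sandbox's own signature logic: it runs over constructed Sysmon-style events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent SetValue) with an assumed dropped-file path and an assumed Run value name, neither of which comes from the report. The location check is not covered because Sysmon records registry writes, not reads; that signature depends on API-level monitoring inside the sandbox.

```python
"""Host-side detection of 'Executes dropped EXE' and 'Adds Run key' over constructed events."""

SAMPLE = (r"C:\Users\user\Desktop"
          r"\509ba7a4c50d98f97b8fae548ff8db3c6e2861139b62b08c2c0383bfb6b4852b.exe")
DROPPED = r"C:\Users\user\AppData\Local\Temp\update.exe"  # assumed path, not from the report

# Constructed events using Sysmon field names; not taken from the sandbox run.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "A", "Image": SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessGuid": "A", "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessGuid": "B", "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 13, "ProcessGuid": "B", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": DROPPED},
    {"EventID": 1, "ProcessGuid": "C", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def executes_dropped_exe(events) -> list:
    """Flag ProcessCreate events whose Image was written earlier in the same trace.

    Returns (parent_image, image) pairs. Ordering matters: the FileCreate must
    precede the ProcessCreate, which is why a single pass over a time-ordered
    stream suffices.
    """
    dropped, hits = set(), []
    for e in events:
        if e["EventID"] == 11 and e["TargetFilename"].lower().endswith(".exe"):
            dropped.add(e["TargetFilename"].lower())
        elif e["EventID"] == 1 and e["Image"].lower() in dropped:
            hits.append((e["ParentImage"], e["Image"]))
    return hits


def adds_run_key(events) -> list:
    """Flag SetValue events under a Run or RunOnce key.

    Returns (writer_image, value_name, value_data) so an analyst can see which
    process persisted what. Matching on the key path suffix keeps it hive-agnostic
    (HKU\\<SID> and HKLM both carry the same CurrentVersion\\Run layout).
    """
    run_markers = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
    hits = []
    for e in events:
        if e["EventID"] != 13:
            continue
        key = e["TargetObject"].lower()
        if any(marker in key for marker in run_markers):
            value_name = e["TargetObject"].rsplit("\\", 1)[1]
            hits.append((e["Image"], value_name, e["Details"]))
    return hits


if __name__ == "__main__":
    print("dropped-and-executed:", executes_dropped_exe(EVENTS))
    print("run-key persistence:", adds_run_key(EVENTS))
```

In practice the two checks should be correlated: a process that both runs from a freshly written file and immediately writes a Run value pointing at itself is a much stronger signal than either event alone.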