General
-
Target
1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea
-
Size
849KB
-
Sample
241109-bpg44swqgl
-
MD5
a503af3978e1796b2f253d92955ffc9d
-
SHA1
c001655b8a045f8464936dda71ef874674c5a428
-
SHA256
1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea
-
SHA512
8c30b34b7d92f36507cdb544c5634660e96ec5f2a20cd08bb72275db2a830db3c65ed2a029adf4ebcc1fa211ed1a684b77a833c1991709d646cd96cb33895fb7
-
SSDEEP
24576:0yiFoxYl1FPjOf7BCCcXGCNsgMwmRqOsSeF:DALiVC/GiRR7
Static task
static1
Behavioral task
behavioral1
Sample
1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea
-
Size
849KB
-
MD5
a503af3978e1796b2f253d92955ffc9d
-
SHA1
c001655b8a045f8464936dda71ef874674c5a428
-
SHA256
1702411e01d0cd615282ab8a91ef29479779f53df8c2b7ad8d9e150612e1deea
-
SHA512
8c30b34b7d92f36507cdb544c5634660e96ec5f2a20cd08bb72275db2a830db3c65ed2a029adf4ebcc1fa211ed1a684b77a833c1991709d646cd96cb33895fb7
-
SSDEEP
24576:0yiFoxYl1FPjOf7BCCcXGCNsgMwmRqOsSeF:DALiVC/GiRR7
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-