General
-
Target
28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6
-
Size
849KB
-
Sample
241109-ck56tavepe
-
MD5
67f08e0374679aec72c19bc70e2d00cd
-
SHA1
1b252877e87797f8e00cbef2efffd46e0e69951a
-
SHA256
28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6
-
SHA512
0ebb8de151bf73986f039923bdb55e8136b3aacb121bb8881bdd9090e6e831488ddf719b00ac5376a54b5a635e8b8115560c4c1ec7a1594392a26c0625f2711a
-
SSDEEP
24576:GyQtn3GfZb/PLOb8BAmXz35lEzWK14Dk:VQtme+3dsWG4D
Static task
static1
Behavioral task
behavioral1
Sample
28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6
-
Size
849KB
-
MD5
67f08e0374679aec72c19bc70e2d00cd
-
SHA1
1b252877e87797f8e00cbef2efffd46e0e69951a
-
SHA256
28bb5b58fdb24021eb0d77dc56c4b090877912d17291cca74fed3efa9f7ccea6
-
SHA512
0ebb8de151bf73986f039923bdb55e8136b3aacb121bb8881bdd9090e6e831488ddf719b00ac5376a54b5a635e8b8115560c4c1ec7a1594392a26c0625f2711a
-
SSDEEP
24576:GyQtn3GfZb/PLOb8BAmXz35lEzWK14Dk:VQtme+3dsWG4D
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-