General
Target: 37c24f801df5e35d4e62cdd0986ad9c9bdc6bf1b5942c8a3f900c5c80a9a09f9
Size: 773KB
Sample: 241109-etj12szngk
MD5: 29aaf4329eb63ad58213522d546be502
SHA1: 7f5484fbe77a2b1ecdcc9d5d881c8a7fe4d0bbef
SHA256: 37c24f801df5e35d4e62cdd0986ad9c9bdc6bf1b5942c8a3f900c5c80a9a09f9
SHA512: afa2717ffda628f6ef1cbaa65c505743d8ae4699e20c0a091c28d792289c7e5a94cd5c848622350a7d42ad74b60eddfc8bee69344efdb38ff9f54a1f7974a3e2
SSDEEP: 24576:Ayy2GzxwCYvDnP1O1fBiNxX/dEOro0O6r:HyHMvE5iHFEOrJ
Static task: static1
Behavioral task: behavioral1
Sample: 37c24f801df5e35d4e62cdd0986ad9c9bdc6bf1b5942c8a3f900c5c80a9a09f9.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
Target: 37c24f801df5e35d4e62cdd0986ad9c9bdc6bf1b5942c8a3f900c5c80a9a09f9
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application