General
-
Target
df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0
-
Size
890KB
-
Sample
241109-gzrn7azapk
-
MD5
253e0c55a77bbe1f1194de5892327868
-
SHA1
02138d6c59180ff03da9126b1f044f630d1bb8c2
-
SHA256
df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0
-
SHA512
f18e98575f78a966eb362092148fca52f433e1c35f5678ad01d48ca783f8b413dcfee27e2f1667f8a39735528090b7dacd9e1248cc80ac10f99a2192f88db7bc
-
SSDEEP
24576:Sy0K8Ace5NcentRZzOjk8mybHjUYPR0R8ozzC:50ebCet7+t024
Static task
static1
Behavioral task
behavioral1
Sample
df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0
-
Size
890KB
-
MD5
253e0c55a77bbe1f1194de5892327868
-
SHA1
02138d6c59180ff03da9126b1f044f630d1bb8c2
-
SHA256
df90d3dd42c3f9a52b2be1544b7ed1986a654175b981ee387911d1bf0c0986f0
-
SHA512
f18e98575f78a966eb362092148fca52f433e1c35f5678ad01d48ca783f8b413dcfee27e2f1667f8a39735528090b7dacd9e1248cc80ac10f99a2192f88db7bc
-
SSDEEP
24576:Sy0K8Ace5NcentRZzOjk8mybHjUYPR0R8ozzC:50ebCet7+t024
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-