General
- Target: 27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e
- Size: 850KB
- Sample: 241109-hst2eazenf
- MD5: 613abcd399e6f7a6d4acb964751d52c2
- SHA1: 3c40a4b7cb47c51c7fa9360cf0923ba94dfb0464
- SHA256: 27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e
- SHA512: 2a3fda4f992bf544b8b3abaf96a024c46d857945e1c7d373f2306798781d12bdaba0750b8e95d8d1e41725c17ffcb052e87ce728683dfe9cdc45297e0774133e
- SSDEEP: 24576:1y83SeWTVSr3VNSotYKVY/lIVqJsw1eghP:Q8ie/3h2KV8c
Static task: static1
Behavioral task: behavioral1
- Sample: 27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted (redline)
- Botnet: gena
- C2: 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Extracted (redline)
- Botnet: dante
- C2: 185.161.248.73:4164
- auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
- Target: 27cfd7771db5efb76d9a3a6365099295422bbbb04982266ec7d82ce2eaf67f3e
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application