General

Target: eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7
Size: 574KB
Sample: 241109-mbcs1sserp
MD5: 3fd5276276602c7496ed60da28212145
SHA1: 8bd2afa282a3c9f904792526a9b65b9976cd9357
SHA256: eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7
SHA512: eba7e2022d453d3e89503a6c108474aae0f7ce8b9992033b07a7277fdd47352013fbc474cfc3981814b606264fd839be5432e16666a8b3d67295c66899ec395d
SSDEEP: 12288:JlvTqsKami8mOB+C+uiDum8SPl/O+50NzXTKbx7SK:Jlbqbi8d+P1KjSN/z50dDKbx7L
Static task: static1

Behavioral task: behavioral1
Sample: eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
gena
185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Targets

Target: eaa7becc44c26c1d802981d439fc436c34cbd399a891886c5c65fcc21d7372b7
Size: 574KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL