General
- Target: 90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8
- Size: 849KB
- Sample: 241109-rwp2asyphp
- MD5: 621898503449e6a5cb6c3639af765d09
- SHA1: 9cd86fcad5157406a1bb1dd2b5e71897d7812ec8
- SHA256: 90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8
- SHA512: b91368eafd74570128175ef3d2f70f15693ed1d7a27dc010ca2ce4d969023d50dab7196dd8704389b22681a3bca0936e5c278e8fc5522c86d0fd95db53ac80cd
- SSDEEP: 24576:zyyHVj/oOY4SdPZOqnBK6RXifcAN95YKnR1PZyG1:GW9sbBK+q3N9fT
Static task
- static1

Behavioral task
- behavioral1
- Sample: 90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted (redline)
- Botnet: gena
- C2: 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07

Extracted (redline)
- Botnet: dante
- C2: 185.161.248.73:4164
- auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
- Target: 90872d8edb91bed21409768b92622659af956ec1626de69dd22f56948a3cb1d8 (size and MD5/SHA1/SHA256/SHA512/SSDEEP values identical to those listed under General)
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application