General
-
Target
8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
-
Size
793KB
-
Sample
241109-wyeqkazbmg
-
MD5
14af28aa5ab1358410f9668e16a1cfa4
-
SHA1
a53e08f4af289fe1773f62e868f9fdf3029a5162
-
SHA256
8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
-
SHA512
b030c32d6601cdb4bf0d6c60b34f8f8ef2cf7f481294fda654a6cb0c457186f73f8b1f3a6a18bee7836c6272ae22d3fd9f0982c2f53155c440675b379f1536c2
-
SSDEEP
12288:Dy90wFIqxGZZO6Thf0RFfnnHfLhR5SwNqPdRonexceZ7YgcqjEFveZjZ/ge:DyZFbof+PntRpNqVRXmuFcoEEZt
Static task
static1
Behavioral task
behavioral1
Sample
8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
-
Size
793KB
-
MD5
14af28aa5ab1358410f9668e16a1cfa4
-
SHA1
a53e08f4af289fe1773f62e868f9fdf3029a5162
-
SHA256
8340b85b87e24540355c0b78dc941fd8e8a3225f6e8136ec859bef8c038efb7c
-
SHA512
b030c32d6601cdb4bf0d6c60b34f8f8ef2cf7f481294fda654a6cb0c457186f73f8b1f3a6a18bee7836c6272ae22d3fd9f0982c2f53155c440675b379f1536c2
-
SSDEEP
12288:Dy90wFIqxGZZO6Thf0RFfnnHfLhR5SwNqPdRonexceZ7YgcqjEFveZjZ/ge:DyZFbof+PntRpNqVRXmuFcoEEZt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-