General
Target: 8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98
Size: 793KB
Sample: 241109-yd2qps1bmd
MD5: 0894472604a38f7981edc7e28026693a
SHA1: b6027154737d700da09c5ce0560ed5a884351db9
SHA256: 8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98
SHA512: 2a75c3afc8b588527c7005439404ab0dabed1ba7bd897584b14b010dc2139a09b0ea51ef017ef0f8a464e06f300eb40d8a3c0bcb40dd93a3b9de3d8d87b0f22e
SSDEEP: 12288:yy904HzJW21H2IJABXtqY/utvoEtA6J4fWD8v0VZVni4/aS9rVWd8XsC+:yyfHzJWaHDyXtxmQOfo0bVnD9r9/+

Static task: static1
Behavioral task: behavioral1
Sample: 8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98.exe
Resource: win10v2004-20241007-en
Malware Config
Two RedLine configurations were extracted from this sample. Both report to the same C2 endpoint but carry different botnet IDs and auth values.

Extracted: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07

Extracted: redline
Botnet: dork
C2: 185.161.248.73:4164
auth_value: e81be7d6cfb453cc812e1b4890eeadad
Targets
Target: 8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98 (size and hashes as listed under General above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence so the stealer can skip hosts in excluded regions.
Executes dropped EXE
Adds Run key to start application (persistence through a CurrentVersion\Run autostart entry)
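As an added example (not part of this sandbox report, and not RedLine's own code), the Python below turns the extracted configuration and the behavioral signatures above into a hunt over constructed log lines: it flags connections to the extracted C2 185.161.248.73:4164 (and, at lower confidence, to that host on any port), picks out Run-key writes and registry reads of the configured country, and correlates them to the image that performed both. The firewall and registry-event formats, the `Geo\Nation` value as the location being read, the `Updater` value name and every IP other than the C2 are assumptions made for the example; only the C2 endpoint, hashes and auth values come from the report.

```python
"""Hunt for the RedLine indicators from this report in constructed log data.

Added example: not part of the sandbox report or the RedLine code base.
Indicators copied from the report: the C2 endpoint, the sample hash and the
two auth_value strings. Everything else (log formats, registry paths, hosts)
is an assumption for illustration.
"""
import re

# --- Indicators from the report -------------------------------------------
C2_ENDPOINTS = {("185.161.248.73", 4164)}
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}
SAMPLE_SHA256 = "8366cced505ec3b1035153bca90ae084a5e533b3a298376975110851b165ab98"
AUTH_VALUES = {"d05bf43eef533e262271449829751d07", "e81be7d6cfb453cc812e1b4890eeadad"}

# --- Constructed firewall log (assumed format, not from the report) --------
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <action>"
NETLOG = [
    "2024-11-09T12:00:01Z 10.0.0.5:50321 -> 142.250.74.14:443 TCP allow",
    "2024-11-09T12:00:03Z 10.0.0.5:50322 -> 185.161.248.73:4164 TCP allow",
    "2024-11-09T12:00:09Z 10.0.0.7:41002 -> 185.161.248.73:443 TCP allow",
    "2024-11-09T12:01:15Z 10.0.0.5:50330 -> 185.161.248.73:4164 TCP deny",
]
NET_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+) (?P<action>\w+)$"
)

# --- Constructed registry events in a generic EDR shape (assumed) ----------
# The value name "Updater" and the Geo\Nation read are illustrative; the report
# only says a Run key is added and a country code is looked up.
REGLOG = [
    {"event": "SetValue", "image": r"C:\Users\victim\AppData\Local\Temp\8366cced.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"event": "QueryValue", "image": r"C:\Users\victim\AppData\Local\Temp\8366cced.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo\Nation",
     "details": ""},
    {"event": "SetValue", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start",
     "details": "DWORD (0x00000003)"},
]
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def find_c2_connections(lines):
    """Exact host:port from the extracted config is high confidence; the same
    host on another port is still worth triage (medium). Denied connections are
    kept: a blocked beacon still means the host ran the sample."""
    hits = []
    for line in lines:
        m = NET_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        dst_ip, dst_port = m["dst"], int(m["dport"])
        if (dst_ip, dst_port) in C2_ENDPOINTS:
            confidence = "high"
        elif dst_ip in C2_HOSTS:
            confidence = "medium"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst": f"{dst_ip}:{dst_port}",
                     "action": m["action"], "confidence": confidence})
    return hits


def find_run_key_writes(events):
    """'Adds Run key to start application': value writes under a Run/RunOnce key."""
    return [e for e in events if e["event"] == "SetValue" and RUN_KEY_RE.search(e["target"])]


def find_geo_lookups(events):
    """'Checks computer location settings': reads of the configured GeoID (assumed key)."""
    return [e for e in events if e["event"] == "QueryValue" and GEO_KEY_RE.search(e["target"])]


def correlate(netlog, reglog):
    """Persistence plus a geofence read from the same image, plus a beacon to the
    extracted C2, is a much stronger signal than any one of them alone."""
    c2 = find_c2_connections(netlog)
    runs = find_run_key_writes(reglog)
    geo = find_geo_lookups(reglog)
    suspect_images = sorted({e["image"] for e in runs} & {e["image"] for e in geo})
    return {
        "c2_hits": len(c2),
        "run_key_writes": len(runs),
        "geo_lookups": len(geo),
        "suspect_images": suspect_images,
        "verdict": "redline-like" if c2 and runs and geo else "inconclusive",
    }


if __name__ == "__main__":
    for hit in find_c2_connections(NETLOG):
        print(hit)
    print(correlate(NETLOG, REGLOG))
```

The port-exact match is what the extracted config supports; the host-only match is there because RedLine operators rotate ports more readily than IPs, so a new port on a known C2 host deserves a look rather than a silent miss. In a real deployment the constructed lists would be replaced by a parser for whatever your firewall and EDR actually emit.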