General
-
Target
13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22
-
Size
581KB
-
Sample
241109-ykkqrs1cpf
-
MD5
a966d92d2c87edf0c5aa2d022c95ffb3
-
SHA1
616967a7db3da3bdd0051ae0a95ed929dadb98a7
-
SHA256
13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22
-
SHA512
7df40cc7c5ab2f10ada4f2fd9731968387bd18bdf04cae1947cfef27b343805404e8907188106407d137a62e8209b2b23462718065af6b050104b2030749ae38
-
SSDEEP
12288:dvAh3cpq/5gZl2/u4RLZftnpnw/q5J2QC1Q:FAWbZl2LfBpnw/q/27
Static task
static1
Behavioral task
behavioral1
Sample
13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Targets
-
-
Target
13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22
-
Size
581KB
-
MD5
a966d92d2c87edf0c5aa2d022c95ffb3
-
SHA1
616967a7db3da3bdd0051ae0a95ed929dadb98a7
-
SHA256
13118f6479fda85795c3d5467bd2d9e0f724596c9e0f0d16be976347dfecdf22
-
SHA512
7df40cc7c5ab2f10ada4f2fd9731968387bd18bdf04cae1947cfef27b343805404e8907188106407d137a62e8209b2b23462718065af6b050104b2030749ae38
-
SSDEEP
12288:dvAh3cpq/5gZl2/u4RLZftnpnw/q5J2QC1Q:FAWbZl2LfBpnw/q/27
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-