General
-
Target
94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b
-
Size
865KB
-
Sample
241109-z133qasell
-
MD5
0d9bf72845c1ea68dd698ae4faeb74fe
-
SHA1
322b55ff06e75ef06fb13b69515982ac5de6fd3a
-
SHA256
94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b
-
SHA512
e78fe486171563762549455f49537f1ee5579c7eb5ebb46a6e0890197047ee4aa187ea95960a81636c0154e9db0cd6a746e82ef0b45d64931e092edf259b9f52
-
SSDEEP
24576:5yCvcldfGTKHiIpaH72RJozkFZE/1aQFRta:sCUX5Hi+aH68sZEdtF
Static task
static1
Behavioral task
behavioral1
Sample
94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
Targets
-
-
Target
94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b
-
Size
865KB
-
MD5
0d9bf72845c1ea68dd698ae4faeb74fe
-
SHA1
322b55ff06e75ef06fb13b69515982ac5de6fd3a
-
SHA256
94154c63ccb688a42729dfaca53442d0b257064d75ff1cc41d03ec02f32c1f4b
-
SHA512
e78fe486171563762549455f49537f1ee5579c7eb5ebb46a6e0890197047ee4aa187ea95960a81636c0154e9db0cd6a746e82ef0b45d64931e092edf259b9f52
-
SSDEEP
24576:5yCvcldfGTKHiIpaH72RJozkFZE/1aQFRta:sCUX5Hi+aH68sZEdtF
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-