General
-
Target
5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22
-
Size
851KB
-
Sample
241109-zh55csvkhq
-
MD5
97885e98bb6747d8658cdaf2f2884c78
-
SHA1
497588757eee774812a3fbb506a60d0354f3de72
-
SHA256
5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22
-
SHA512
9642e5e5d63bf2ceba8d74a5af747704929c54249c44ef429a4e40ece20082d9cc4f66dcdaa49a366bf5f18702161e0a1e64d61bd22da39eb792d379c2bdbb01
-
SSDEEP
24576:wyeANZgOrDx9usSCbiTxnnb4EX372YCoqpp:3vTgOx9oVn8g7v6p
Static task
static1
Behavioral task
behavioral1
Sample
5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22
-
Size
851KB
-
MD5
97885e98bb6747d8658cdaf2f2884c78
-
SHA1
497588757eee774812a3fbb506a60d0354f3de72
-
SHA256
5013cfab75c8cfd986b3ab4de5c346c47f7d40736a6cd82943ec4cf5f8cdee22
-
SHA512
9642e5e5d63bf2ceba8d74a5af747704929c54249c44ef429a4e40ece20082d9cc4f66dcdaa49a366bf5f18702161e0a1e64d61bd22da39eb792d379c2bdbb01
-
SSDEEP
24576:wyeANZgOrDx9usSCbiTxnnb4EX372YCoqpp:3vTgOx9oVn8g7v6p
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-