General
Target: d726542e93c6b147495df1ecf3c48c0d3fe89d255713f5b15c131d3ecec618b2
Size: 819KB
Sample: 241109-znl9fascjr
MD5: a7ec4c2ec8a2c7b65ba0c63111fdf866
SHA1: ad23e4349e964de00d355ab64733c1f7c9663669
SHA256: d726542e93c6b147495df1ecf3c48c0d3fe89d255713f5b15c131d3ecec618b2
SHA512: 1f7b0cb101d01a7265caac043342b41ece4267bb9cff008dda643f9e4714ccf4f4ddf1111beae27d838e9fc0dcd1dbc132895c6b6f384e2bec2ff650e40540fc
SSDEEP: 24576:nZLuPmrYbAkeCL3TKeYyrIjqLEW8mUmRt3yoO:wmrYbP7I5qP8SRtc
Static task: static1
Behavioral task: behavioral1
Sample: 503604112fa7b8be8002664f2b67416c765f3b994bd5457a57ae14cdceaaa0ac.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 503604112fa7b8be8002664f2b67416c765f3b994bd5457a57ae14cdceaaa0ac.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
ans
34.125.68.133:80
104.197.80.52:80
auth_value: 338d5be1ef49d0de9911f6d8ed35e991
Targets
Target: 503604112fa7b8be8002664f2b67416c765f3b994bd5457a57ae14cdceaaa0ac.exe
Size: 1.8MB
MD5: 0d94be3223266ea6bbdaecfa3200142c
SHA1: 879279ff736a0dd8768f4d807e9d91b78d1a4fce
SHA256: 503604112fa7b8be8002664f2b67416c765f3b994bd5457a57ae14cdceaaa0ac
SHA512: 7f336ab06f9344ae14ae2d366958503b289f7636324f69186eee9e0f8cdec8445b7a003312a0689d1627efc32af6536f1e8ee38bc2bb790cdf7225064881e3ba
SSDEEP: 24576:7zFesd38Ctz7uET06nE9QNZR9twp5L5ulugTvcuNSVw3XZlqGwF4bqPJrLklTG0:Vesfi6Exu5lg4mxrLklTG0
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext