General
-
Target
8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56N
-
Size
849KB
-
Sample
241110-et1zkazapj
-
MD5
af132fadf608c73fc4ddfaa98df13520
-
SHA1
9564565d0042c039d257ef895b9978bba03d4ea4
-
SHA256
8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56
-
SHA512
d953c2f1df7bab3820452009c1b8ea094d0b6727bc4d7920a1d778251202304af5ec737b6f38214556b6e58258e74ce6313fa73354338037fd8031c23277c0f0
-
SSDEEP
12288:Wy90ervNXyqd4+B2waghPTUCqdjPLO6kDrB8dP740V5X2KE5fcCQVERQnrLORoG:WyVrRfBj2HPLO6aBsnXX2KEbQaRQ/Qt
Static task
static1
Behavioral task
behavioral1
Sample
8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56N
-
Size
849KB
-
MD5
af132fadf608c73fc4ddfaa98df13520
-
SHA1
9564565d0042c039d257ef895b9978bba03d4ea4
-
SHA256
8a26a95e8e2dc5a35cd4c094da0269d9962636abd2c6c273451adb59023e7e56
-
SHA512
d953c2f1df7bab3820452009c1b8ea094d0b6727bc4d7920a1d778251202304af5ec737b6f38214556b6e58258e74ce6313fa73354338037fd8031c23277c0f0
-
SSDEEP
12288:Wy90ervNXyqd4+B2waghPTUCqdjPLO6kDrB8dP740V5X2KE5fcCQVERQnrLORoG:WyVrRfBj2HPLO6aBsnXX2KEbQaRQ/Qt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-