General
Target: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3
Size: 851KB
Sample: 241110-ffa2nazjet
MD5: 2e52c5c8004d8a93b10fd88dadf7ec6c
SHA1: c3350ceaa9ba06737c39b2b3403d6249737856af
SHA256: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3
SHA512: 3fade50f6e95088671bb7fe4b2ecdcbf5bde10d054c718351da792a036d6df2c2a42dd87f4a2cf557eed2e9b0177ae0f18112539d2a0e0f1863e34cf73bf57bb
SSDEEP: 12288:Iy90vdSSaDfJn6kFgyx2BkRe5WCLaUsk4D/ab4Jefq+q52mYJOCdzwl6RB:IyGdiDHxkHsvSbdWYJOChB
Static task: static1
Behavioral task: behavioral1
Sample: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
Botnet: dante
C2: 185.161.248.73:4164
auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
Target: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3
Size: 851KB
MD5: 2e52c5c8004d8a93b10fd88dadf7ec6c
SHA1: c3350ceaa9ba06737c39b2b3403d6249737856af
SHA256: 076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3
SHA512: 3fade50f6e95088671bb7fe4b2ecdcbf5bde10d054c718351da792a036d6df2c2a42dd87f4a2cf557eed2e9b0177ae0f18112539d2a0e0f1863e34cf73bf57bb
SSDEEP: 12288:Iy90vdSSaDfJn6kFgyx2BkRe5WCLaUsk4D/ab4Jefq+q52mYJOCdzwl6RB:IyGdiDHxkHsvSbdWYJOChB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence (the stealer avoids running in certain regions).
Executes dropped EXE
Adds Run key to start application
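The signatures above and the C2 from both extracted configs can be turned directly into hunting logic. The block below is an added example and is not part of the sandbox report or of RedLine itself: it runs a handful of constructed Sysmon-style events (not telemetry from this run; the user profile paths, dropped file name, SID and benign destination are assumptions) through checks for the dropped-EXE execution, the Run-key persistence and the C2 connection, and renders a Suricata rule for the extracted endpoint. Field names follow Sysmon's event schema; the Suricata SID base is a placeholder.

```python
"""Hunt for the behaviours this report attributes to the sample in a stream of
Sysmon-style events, and emit a Suricata rule for the extracted C2.

Added example, not part of the report. The events below are constructed to
mirror the report's signatures; they are not telemetry from the sandbox run.
"""
import re

# IOCs copied from the report: both extracted RedLine configs (botnets
# "gena" and "dante") point at the same C2 endpoint, so one entry covers both.
REDLINE_C2 = {("185.161.248.73", 4164)}
SAMPLE_SHA256 = "076a56a87db16b3a80c5d45f6615c9c0cf09cbaf8960dbc8b2231da7cf0517b3"

# Matches HKCU/HKU ...\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Sysmon event IDs used below.
FILE_CREATE, PROCESS_CREATE, REGISTRY_SET, NETWORK_CONNECT = 11, 1, 13, 3


def hunt(events):
    """Return (behaviour, image) findings in event order.

    Sysmon records registry key/value creation and modification (events 12/13)
    but not reads, so the report's geofence lookup of the configured country
    code is not observable from these events; that check needs EDR
    registry-read telemetry or a sandbox API trace instead.
    """
    dropped = set()          # files written during the trace, lowercased
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == FILE_CREATE:
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == PROCESS_CREATE and image.lower() in dropped:
            findings.append(("Executes dropped EXE", image))
        elif eid == REGISTRY_SET and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append(("Adds Run key to start application", image))
        elif eid == NETWORK_CONNECT:
            dest = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
            if dest in REDLINE_C2:
                findings.append(("RedLine C2 connection", image))
    return findings


def suricata_rules(sid_base=9000001):
    """One Suricata rule per C2 endpoint. The SID base is an assumption;
    pick one from your own local range before deploying."""
    return [
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine Stealer C2 from extracted config"; flow:to_server; '
        f"sid:{sid_base + i}; rev:1;)"
        for i, (ip, port) in enumerate(sorted(REDLINE_C2))
    ]


# Constructed events: paths, SID and the benign destination are assumptions;
# only the sample's own file name and the C2 endpoint come from the report.
SAMPLE = "C:\\Users\\victim\\Desktop\\" + SAMPLE_SHA256 + ".exe"
DROPPED = "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"
CONSTRUCTED_EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": SAMPLE},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED, "DestinationIp": "185.161.248.73",
     "DestinationPort": 4164},
    # Benign traffic that must not fire.
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "13.107.4.50", "DestinationPort": 443},
]

if __name__ == "__main__":
    for behaviour, image in hunt(CONSTRUCTED_EVENTS):
        print(f"{behaviour}: {image}")
    print("\n".join(suricata_rules()))
```

The dropped-EXE rule deliberately requires the file-create event to precede the process-create event; a process start for a path that was never seen being written does not fire, which keeps ordinary installs from matching. The C2 rule is an exact IP:port match, so it will miss the sample if the operator rotates infrastructure; pair it with the auth_value strings from the extracted configs when you have memory or network content to search.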