General
- Target: 185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167
- Size: 890KB
- Sample: 241110-fkvxmazhmc
- MD5: be40e5ba0ed3878afeb4de6db7780f61
- SHA1: ed2c1c81730ab795789498b582288bdc12079df0
- SHA256: 185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167
- SHA512: 9c613a8ac46ca8c059828493338ce72f0deb23f53f28a5f2bae86dc895c9a7b30ae5924fe2fb5434eeebd06cd4f0a30dbf3efd0ff0202d72f618930ec84a29a6
- SSDEEP: 12288:my90jsYtUKOnupnnr2UrR5Vwn7PwhAnen7zI98uWWyTtT9uZdl3u1iD1RHFUsQU:myKPUKcupnRRAn7Ihfn7MagDzrlzA
Static task: static1
Behavioral task: behavioral1
- Sample: 185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
- gena
- 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Extracted: redline
- dante
- 185.161.248.73:4164
- auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
- Target: 185189c20d352feffc5ba12be87726b85b11232e4f241d24e67bb0b435b38167
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application