General
Target: 4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86
Size: 894KB
Sample: 241110-w27whsscmm
MD5: c84c9aa6409b7b725eaeeb0dbffb6863
SHA1: a8a83c4e3049532ec16ae4714db822f689499f98
SHA256: 4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86
SHA512: aadb1adf1a607c889862d2a34560d84981ac4aa8a6a0efd09a0b576af30a02888280343b1bc0dbf1a9591581aa5fd2fd389e333fcd8791bcb47f826dbe024720
SSDEEP: 12288:9y905FR5SaPIhxDAMpYRzOnnMq1xR5swRnPqZ1nejoZbF7KE0rLurHxtAc23fURD:9yEFPe5KwntR7RniZMj830r6rR23sN
Static task: static1
Behavioral task: behavioral1
Sample: 4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Extracted
Family: redline
Botnet: dante
C2: 185.161.248.73:4164
auth_value: f4066af6b8a6f23125c8ee48288a3f90
Both extracted configurations point at the same C2 endpoint (185.161.248.73, TCP port 4164) and differ only in the botnet identifier and the auth_value the client presents to the panel; blocking or alerting on that single host:port covers both.
Targets
Target: 4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86
Score: 10/10
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check so the stealer does not run on hosts in excluded regions.
Executes dropped EXE
Launches an executable that the sample itself wrote to disk.
Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the payload is relaunched at logon.
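The three behavioural signatures above (dropped EXE execution, Run-key persistence, and the C2 address from the extracted configs) are the signals an analyst would correlate in endpoint telemetry. The following is an added example, not code from the sandbox vendor or from the sample: it runs that correlation over Sysmon-style events. The event records are constructed for the example, with Sysmon field names for Event IDs 1 (process create), 3 (network connect) and 13 (registry value set), but the PIDs, paths, SID and the dropped file name `update.exe` are invented; the C2 host and port and the sample SHA256 are taken from this report.

```python
"""Correlate the RedLine behaviours from this report across Sysmon-style events.

Added example; the event records are constructed (hypothetical PIDs, paths,
SID and dropped-file name). Only the C2 endpoint and sample hash come from
the report above.
"""
from collections import defaultdict

# IOCs taken from the extracted configs on this page.
REDLINE_C2 = {("185.161.248.73", 4164)}
SAMPLE_SHA256 = "4afb5064403ce5b899a7d996a743b1e8c8b75fb64f614c285714861d1a2c6c86"

RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")

# Constructed telemetry (hypothetical PIDs, paths and SID).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 2900,
     "Image": "C:\\Users\\user\\Downloads\\" + SAMPLE_SHA256 + ".exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256},
    {"EventID": 1, "ProcessId": 4212, "ParentProcessId": 4100,
     "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe",
     "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 13, "ProcessId": 4212,
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update",
     "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\update.exe"},
    {"EventID": 3, "ProcessId": 4212, "DestinationIp": "185.161.248.73",
     "DestinationPort": 4164, "Protocol": "tcp"},
    # Benign noise: an unrelated HTTPS connection and an installer under
    # Program Files (not user-writable, not a child of the sample).
    {"EventID": 3, "ProcessId": 3000, "DestinationIp": "203.0.113.10",
     "DestinationPort": 443, "Protocol": "tcp"},
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 2900,
     "Image": "C:\\Program Files\\Vendor\\setup.exe", "Hashes": "SHA256=abcd"},
]


def c2_contacts(events):
    """PIDs that connected to a known RedLine C2 endpoint (Sysmon Event ID 3)."""
    return {e["ProcessId"] for e in events
            if e["EventID"] == 3
            and (e["DestinationIp"], int(e["DestinationPort"])) in REDLINE_C2}


def run_key_writes(events):
    """PID -> Run/RunOnce value path it wrote (Sysmon Event ID 13)."""
    hits = {}
    for e in events:
        if e["EventID"] == 13 and any(m in e["TargetObject"].lower() for m in RUN_KEY_MARKERS):
            hits[e["ProcessId"]] = e["TargetObject"]
    return hits


def dropped_exe_launches(events, root_sha256=SAMPLE_SHA256):
    """PID -> image path for executables started from a user-writable directory
    by the sample or by any of its descendants (Sysmon Event ID 1)."""
    by_parent, roots = defaultdict(list), set()
    for e in events:
        if e["EventID"] == 1:
            by_parent[e["ParentProcessId"]].append(e)
            if root_sha256.lower() in e.get("Hashes", "").lower():
                roots.add(e["ProcessId"])
    dropped, stack = {}, list(roots)
    while stack:  # walk the process tree down from the sample
        for child in by_parent[stack.pop()]:
            stack.append(child["ProcessId"])
            if any(d in child["Image"].lower() for d in USER_WRITABLE):
                dropped[child["ProcessId"]] = child["Image"]
    return dropped


def triage(events):
    """Combine the three signals into per-PID findings and an overall verdict."""
    c2, run, dropped = c2_contacts(events), run_key_writes(events), dropped_exe_launches(events)
    findings = {pid: {"c2_contact": pid in c2,
                      "run_key": run.get(pid),
                      "dropped_exe": dropped.get(pid)}
                for pid in c2 | set(run) | set(dropped)}
    # Contact with the known controller is decisive on its own; persistence by a
    # dropped executable without C2 traffic still deserves a closer look.
    if c2:
        verdict = "redline"
    elif any(f["run_key"] and f["dropped_exe"] for f in findings.values()):
        verdict = "suspicious"
    else:
        verdict = "clean"
    return verdict, findings


if __name__ == "__main__":
    verdict, findings = triage(SAMPLE_EVENTS)
    print(verdict)
    for pid, f in sorted(findings.items()):
        print(pid, f)
```

The C2 match is exact on host and port because the extracted configs give both; in a real deployment the `REDLINE_C2` set would be fed from the config extractor output rather than hard-coded, and the process-tree walk should be keyed on ProcessGuid rather than PID to survive PID reuse.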