General
-
Target
f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9.exe
-
Size
530KB
-
Sample
241111-bt13sazdkh
-
MD5
cf602786174778595e9e29b905727653
-
SHA1
6bd110b04e9427360b9ee9e8e5a064a06db1a554
-
SHA256
f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9
-
SHA512
2fd64a5e16d2412cdb5cae375b521fe9f84138e19583996ba05b2fdabb102180a7243fc8507881c9f2ff36d9e84ea8fac08eedf6b712eb23b684e29e44b74a15
-
SSDEEP
12288:GlcaxRaNnn6mbtR50wisMIw1nefXIf107:PSenpRPisFwMQO7
Static task
static1
Behavioral task
behavioral1
Sample
f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Targets
-
-
Target
f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9.exe
-
Size
530KB
-
MD5
cf602786174778595e9e29b905727653
-
SHA1
6bd110b04e9427360b9ee9e8e5a064a06db1a554
-
SHA256
f8eb2310a760caf26849a87a66ff89d58f7d21245bc549023e6470ce397f44f9
-
SHA512
2fd64a5e16d2412cdb5cae375b521fe9f84138e19583996ba05b2fdabb102180a7243fc8507881c9f2ff36d9e84ea8fac08eedf6b712eb23b684e29e44b74a15
-
SSDEEP
12288:GlcaxRaNnn6mbtR50wisMIw1nefXIf107:PSenpRPisFwMQO7
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-