General
-
Target
6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49
-
Size
891KB
-
Sample
241111-ermn6awlbq
-
MD5
84211f0f1a11df3f903213c052324eea
-
SHA1
fe225315d84fd4babce4f60c5eb30dbbc65415fe
-
SHA256
6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49
-
SHA512
66d5004301720a463c819715b58a265b7f34880a012676e18775175223224d2457a701aa4a340c4ba539f247d5043b6acb1d8af8ee033c8a8a93d456980a5226
-
SSDEEP
24576:SycJKnl203RFx8XnkRycKiA/J0MKHuzH84YQFQyI5er:5cJAfPx8XkTRMhc4uyP
Static task
static1
Behavioral task
behavioral1
Sample
6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49
-
Size
891KB
-
MD5
84211f0f1a11df3f903213c052324eea
-
SHA1
fe225315d84fd4babce4f60c5eb30dbbc65415fe
-
SHA256
6aff4c2becaf24ab6e1d9bffe05aaf67020a7cfc3c77e7f576efccd11cfaaf49
-
SHA512
66d5004301720a463c819715b58a265b7f34880a012676e18775175223224d2457a701aa4a340c4ba539f247d5043b6acb1d8af8ee033c8a8a93d456980a5226
-
SSDEEP
24576:SycJKnl203RFx8XnkRycKiA/J0MKHuzH84YQFQyI5er:5cJAfPx8XkTRMhc4uyP
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-