General
Target: 8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5
Size: 850KB
Sample: 241111-h9vz2avhlr
MD5: 70a959aa1460e9704c432efe96be5a89
SHA1: 14ae237603efe0e5a0a5083bbb1b32ecca50fe44
SHA256: 8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5
SHA512: e081e7cab3d4f6fbaecc796ca3aa63b5bf1a34ed9384bb7bb5147aa340320c424824a9dfafc618cffe9f5cf634239701a775be55b0955c45dd89e8f8d832c1ab
SSDEEP: 12288:8y90q9IO2fsXUhXDgux1BkFezWeLd+snT2AZFOgU39Xee7U+5yeMtaDpomcrS/:8y99IO20Uh7xfssSVS4Us39
Static task: static1
Behavioral task: behavioral1
Sample: 8dc008f95257bc8aa58e9c32d47b71787f84d0ad71dd00123a79003ccccc19d5.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline (gena)
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Extracted: redline (dante)
C2: 185.161.248.73:4164
auth_value: f4066af6b8a6f23125c8ee48288a3f90
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application