General

Target: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13
Size: 866KB
Sample: 241111-he4zfsvglc
MD5: 170f9e86d0832e1cbd4e48c6690d04da
SHA1: cebc0eb4d0197c01874cb1386a74f6de573df06e
SHA256: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13
SHA512: b202e85dd3d3566489e34413b2719d63adb1d7e13d2c5783bccca0dfa7ae1d30f729a0d701470d904a7d4fb43f295b40bdfd9ad7aaf1dafb024986d53894b316
SSDEEP: 24576:gyr9F0MZ+KXdP/P1cgSRP5q3EMrKpp5vBzymvUAr3:nDVlRHm/RPkEMUpW2

Static task: static1
Behavioral task: behavioral1
Sample: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted
Family: redline
Botnet: gena
C2: 185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07

Extracted
Family: redline
Botnet: dark
C2: 185.161.248.73:4164
auth_value: ae85b01f66afe8770afeed560513fc2d

Both extracted configurations point at the same C2 endpoint and differ only in botnet identifier and auth_value.
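The two extracted configurations above are the most directly actionable output of this report. The following is an added example (not part of the sandbox report and not RedLine's own code) showing how a detection engineer would turn the "Extracted" blocks into network indicators and check them against connection logs. The config text is copied from this page; the conn.log lines are constructed for the example and are not from the analysis; the Suricata rule format and the SID range are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed copy of the two "Malware Config / Extracted" blocks from the report above.
REPORT_CONFIG = """\
Extracted
redline
gena
185.161.248.73:4164
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
auth_value
ae85b01f66afe8770afeed560513fc2d
"""


@dataclass(frozen=True)
class RedLineConfig:
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_report_configs(text):
    """Parse tria.ge-style 'Extracted' blocks (family, botnet, host:port,
    'auth_value', value) into RedLineConfig records. Separator lines ('-')
    and blank lines are ignored."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    configs = []
    i = 0
    while i < len(lines):
        if lines[i] == "Extracted" and i + 5 < len(lines) and lines[i + 1] == "redline":
            botnet = lines[i + 2]
            host, port = lines[i + 3].rsplit(":", 1)
            if lines[i + 4] != "auth_value" or not re.fullmatch(r"[0-9a-f]{32}", lines[i + 5]):
                raise ValueError("unexpected config layout at line %d" % i)
            configs.append(RedLineConfig(botnet, host, int(port), lines[i + 5]))
            i += 6
        else:
            i += 1
    return configs


def c2_indicators(configs):
    """Deduplicated, sorted (host, port) pairs; both configs collapse to one here."""
    return sorted({(c.c2_host, c.c2_port) for c in configs})


def suricata_rules(indicators, sid_base=9000001):
    """Emit one alert rule per C2 endpoint (rule syntax is a standard Suricata
    signature; the SID range is an assumption for this example)."""
    return [
        'alert tcp $HOME_NET any -> %s %d (msg:"RedLine C2 %s:%d"; flow:to_server; '
        "sid:%d; rev:1;)" % (host, port, host, port, sid_base + n)
        for n, (host, port) in enumerate(indicators)
    ]


# Constructed Zeek conn.log-style lines (ts, uid, src, sport, dst, dport, proto).
# Line 3 is the C2 host on a different port, to show host:port matching is exact.
SAMPLE_CONN_LOG = """\
1731313200.0\tCabc1\t10.0.0.12\t51422\t185.161.248.73\t4164\ttcp
1731313201.0\tCabc2\t10.0.0.12\t51423\t93.184.216.34\t443\ttcp
1731313202.0\tCabc3\t10.0.0.17\t51424\t185.161.248.73\t80\ttcp
1731313203.0\tCabc4\t10.0.0.22\t51425\t185.161.248.73\t4164\ttcp
"""


def match_conn_log(log_text, indicators):
    """Return (uid, src, dst, dport) for every connection to a known C2 endpoint."""
    wanted = set(indicators)
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if (dst, int(dport)) in wanted:
            hits.append((uid, src, dst, int(dport)))
    return hits


if __name__ == "__main__":
    cfgs = parse_report_configs(REPORT_CONFIG)
    iocs = c2_indicators(cfgs)
    for rule in suricata_rules(iocs):
        print(rule)
    for hit in match_conn_log(SAMPLE_CONN_LOG, iocs):
        print("C2 contact:", hit)
```

Matching on host and port together keeps the indicator tight to what the sample was configured with; if the same IP is later seen on other ports, widen the match deliberately rather than by default, since the shared infrastructure may serve unrelated traffic.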
Targets

Target: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13
Size: 866KB
MD5: 170f9e86d0832e1cbd4e48c6690d04da
SHA1: cebc0eb4d0197c01874cb1386a74f6de573df06e
SHA256: c2cc823a0df092c7fce7fcbe4c8f824591f2d9fcff544777e4968d74f3d28d13
SHA512: b202e85dd3d3566489e34413b2719d63adb1d7e13d2c5783bccca0dfa7ae1d30f729a0d701470d904a7d4fb43f295b40bdfd9ad7aaf1dafb024986d53894b316
SSDEEP: 24576:gyr9F0MZ+KXdP/P1cgSRP5q3EMrKpp5vBzymvUAr3:nDVlRHm/RPkEMUpW2
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Redline family

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Adds Run key to start application