General
-
Target
1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5
-
Size
889KB
-
Sample
241111-hfa3rsvdjq
-
MD5
1d0f7e04609c1ea28deb90aecb2fb230
-
SHA1
58aeecddc1a52133f294b1f43436f562d1d6a186
-
SHA256
1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5
-
SHA512
3e3efb5ec92859ded27167c7c31846340accf3f53d2ebb62e66ad9326c242be3b872c42187b83d973853b7dba2da53173f0bbc6451e2a216856174a45d230742
-
SSDEEP
24576:Ly8jvu1bo7NPAuOCgow4qZrGzEs2qsm1cat:+8jvuy7NYuOD/HdsEs2qbt
Static task
static1
Behavioral task
behavioral1
Sample
1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dork
185.161.248.73:4164
-
auth_value
e81be7d6cfb453cc812e1b4890eeadad
Targets
-
-
Target
1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5
-
Size
889KB
-
MD5
1d0f7e04609c1ea28deb90aecb2fb230
-
SHA1
58aeecddc1a52133f294b1f43436f562d1d6a186
-
SHA256
1283c9da8490d86359fe2d6dd5a7ba189c907d9862745d2d303b692e5d1460f5
-
SHA512
3e3efb5ec92859ded27167c7c31846340accf3f53d2ebb62e66ad9326c242be3b872c42187b83d973853b7dba2da53173f0bbc6451e2a216856174a45d230742
-
SSDEEP
24576:Ly8jvu1bo7NPAuOCgow4qZrGzEs2qsm1cat:+8jvuy7NYuOD/HdsEs2qbt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-