General

Target: 3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee
Size: 850KB
Sample: 241111-hfj1nstpfz
MD5: 8a2bb5ec4cb9e47f3ec00f9c40409950
SHA1: ceb7c660d65959ee4d55630e3e428dc948c475cb
SHA256: 3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee
SHA512: 8240bdaf7d4f996eb8d85a02a7f1af12a3daadf68c6a86a95167d06b86da4d8378f38c64a2a236d442d0820c2639ff2889f290723a7fb386e3fe137979d622e3
SSDEEP: 24576:vyDLPVDOIG+Q11f4zPVTPrd4TZlRDfD4:6DbV6I5Q1UVjWXRDL
Static task: static1
Behavioral task: behavioral1
Sample: 3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted: redline
  gena
  185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07

Extracted: redline
  danko
  185.161.248.73:4164
  auth_value: 784d42a6c1eb1a5060b8bcd3696f5f1e
Targets

Target: 3ce73f36bf5cd57e8f0d0950e83439e4006131c5c91745e31feacbd9872eecee
Size: 850KB
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application