General
Target: ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479N
Size: 582KB
Sample: 241111-hts6hawamd
MD5: 15bee7e56d8fbf1f58546151f37d6d10
SHA1: b363110aebb9f1329060f1d284f44aeba76ad1fb
SHA256: ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479
SHA512: f9d1dc768901e12f6265c4b22b42ef1ed8eb3555e5b817985cc739bbbac6cb43ea7cc66d1eca01883fa33c261997840100d939053994f1d35809684f3f8f09cf
SSDEEP: 6144:GbDNNczW2qCEFgk47EOfTeEgQUEEQhRvC9Z14kvcUUM4unsWfbPb7nwifkeffq:GbDfczW2WFLHQvra1DkN0rbPIWkef
Static task: static1
Behavioral task: behavioral1
  Sample: ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479N.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
gena
185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Targets
Target: ee41a5407e35ff6626eaffcf8a9e8bf2ab4b6c81a2427dbf82286088028be479N
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL