General
-
Target
ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d
-
Size
890KB
-
Sample
241111-kxa57sxajq
-
MD5
f5e6d3506624bb3ef4d21e2dc5489cd5
-
SHA1
fb164e7168b0e1416765ac400ee48f8c8957e24e
-
SHA256
ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d
-
SHA512
603e8998b8afea4b5ac632d03598e9b605e9d1bed87282d93237fcf4c1e908f9beced964641b2eb61dd948e72e69fbe6b6b9d89e4ec53bc6175ff883f6489e48
-
SSDEEP
24576:xyzVxStZHExnmRbNaZzxVvAIdzos7lpdIsqVCq1:kTuZHExmPOAcJyVC
Static task
static1
Behavioral task
behavioral1
Sample
ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d
-
Size
890KB
-
MD5
f5e6d3506624bb3ef4d21e2dc5489cd5
-
SHA1
fb164e7168b0e1416765ac400ee48f8c8957e24e
-
SHA256
ad3930e087caf238fec1c5dfac2659a58254929bd3f21ae3be0cf647375d2a4d
-
SHA512
603e8998b8afea4b5ac632d03598e9b605e9d1bed87282d93237fcf4c1e908f9beced964641b2eb61dd948e72e69fbe6b6b9d89e4ec53bc6175ff883f6489e48
-
SSDEEP
24576:xyzVxStZHExnmRbNaZzxVvAIdzos7lpdIsqVCq1:kTuZHExmPOAcJyVC
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-