General
-
Target
3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73.exe
-
Size
569KB
-
Sample
241112-15r2pasepn
-
MD5
a360b55405c1988ea4ed3bd10454be3d
-
SHA1
98604119d1b77ca2672d92d72a24a4e4974d0fba
-
SHA256
3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73
-
SHA512
27a1f686d9dc2fcfb07f8bcd35b15e6e9aecfeac1bb629d24c30c82095e2f8ccf8c450d0c408768f825116827ec09d83872717a7a31ad21ce05963d93627d711
-
SSDEEP
12288:5y90jAmCH4vGgA3Y8FdjPhOKkD0BsKxuL0o5XkOiwk7d5:5yqlCYvnkPhOKfBbVSX/itd5
Static task
static1
Behavioral task
behavioral1
Sample
3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73.exe
-
Size
569KB
-
MD5
a360b55405c1988ea4ed3bd10454be3d
-
SHA1
98604119d1b77ca2672d92d72a24a4e4974d0fba
-
SHA256
3994a93685e9c77df5404ad6dfc06c559cb7e2017f6763d6685942ce7cedea73
-
SHA512
27a1f686d9dc2fcfb07f8bcd35b15e6e9aecfeac1bb629d24c30c82095e2f8ccf8c450d0c408768f825116827ec09d83872717a7a31ad21ce05963d93627d711
-
SSDEEP
12288:5y90jAmCH4vGgA3Y8FdjPhOKkD0BsKxuL0o5XkOiwk7d5:5yqlCYvnkPhOKfBbVSX/itd5
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-