General
-
Target
9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9
-
Size
589KB
-
Sample
241112-bnjljs1frm
-
MD5
06dde792f3bb213745bed4ff6a1be687
-
SHA1
2c689775445de07eb1d0ea720971f8a5323aec9d
-
SHA256
9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9
-
SHA512
3cbaa2f923b26a8d3853b85aaab07f2e226c31228feda98f6bdb4d8567496c091197e24bb05c61bd9257b9052f5c3a546c332566996dd7999735296d97d42a16
-
SSDEEP
12288:xy90vTRRa+nn6nThR50wqePIqGnezV7hKm7qXiKR2:xy2NnyRPqeQq9zRhKmMU
Static task
static1
Behavioral task
behavioral1
Sample
9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dante
185.161.248.73:4164
-
auth_value
f4066af6b8a6f23125c8ee48288a3f90
Targets
-
-
Target
9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9
-
Size
589KB
-
MD5
06dde792f3bb213745bed4ff6a1be687
-
SHA1
2c689775445de07eb1d0ea720971f8a5323aec9d
-
SHA256
9aa7243931558732b3b7608da1755ef2cf4a5040194011a48fd5384bfa9e55c9
-
SHA512
3cbaa2f923b26a8d3853b85aaab07f2e226c31228feda98f6bdb4d8567496c091197e24bb05c61bd9257b9052f5c3a546c332566996dd7999735296d97d42a16
-
SSDEEP
12288:xy90vTRRa+nn6nThR50wqePIqGnezV7hKm7qXiKR2:xy2NnyRPqeQq9zRhKmMU
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-