General
- Target: 9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098.exe
- Size: 582KB
- Sample: 241112-x8l33aykhs
- MD5: 6fced8b54625dc6fafc9aec308c52a16
- SHA1: 7c6a7976095ec241850bff5ee64bb8ac4ad4fc72
- SHA256: 9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098
- SHA512: a06bbd55d3d885b7390f962919b53a487d4b34bde6a68786db5a34d046bbac14966852ebb837118fe56ee259cd10062923f6c9fa669a2dd74acaee272fbfaa64
- SSDEEP: 12288:YsLi9pW/d6CU9XVo8dY9o67hNmeKbu163qJ:YGiEd6CU9Fo8d67hNmeKa43qJ
Static task: static1
Behavioral task: behavioral1
Sample: 9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
- Family: redline
- Botnet: gena
- C2: 185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Targets
- Target: 9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098.exe
- Size: 582KB
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely as a geofence so the stealer can skip hosts in excluded regions.
- Executes dropped EXE
- Loads dropped DLL
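The file hashes and the extracted C2 above are the parts of this report an analyst would turn into a detection. The following is an added example, not part of the sandbox report and not code from any tool it names: a small Python matcher that takes the report's MD5/SHA1/SHA256 and the C2 `185.161.248.73:4164` and runs them over Sysmon-style events (Event ID 1 process creation with its `Hashes` field, Event ID 3 network connection). The event records, the `setup.exe` path and the other addresses are constructed for illustration; only the hashes and the C2 come from the report.

```python
"""IOC matcher for the RedLine sample in this report (added example).

Field names follow Sysmon's Event ID 1 / Event ID 3 schema; the events
below are constructed, not real telemetry.
"""
from typing import Iterable

# IOCs taken from the report above.
FILE_HASHES = {
    "MD5": "6fced8b54625dc6fafc9aec308c52a16",
    "SHA1": "7c6a7976095ec241850bff5ee64bb8ac4ad4fc72",
    "SHA256": "9195819e43298725d2939cf667101b69348c0e89e94f7b8226be424c7e78a098",
}
C2_IP, C2_PORT = "185.161.248.73", 4164

# Constructed sample events (paths and the non-C2 address are invented).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\setup.exe",
     "Hashes": "SHA256=9195819E43298725D2939CF667101B69348C0E89E94F7B8226BE424C7E78A098,"
               "MD5=6FCED8B54625DC6FAFC9AEC308C52A16"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\setup.exe",
     "DestinationIp": "185.161.248.73", "DestinationPort": 4164},
    {"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]


def parse_hashes(field: str) -> dict:
    """Parse Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, _, value = part.partition("=")
            out[alg.strip().upper()] = value.strip().lower()
    return out


def match_event(event: dict) -> list:
    """Return the reasons an event matches this report's IOCs (empty if none)."""
    reasons = []
    if event.get("EventID") == 1:
        seen = parse_hashes(event.get("Hashes", ""))
        # Sysmon may be configured with any subset of algorithms; match whatever is present.
        for alg, value in FILE_HASHES.items():
            if seen.get(alg) == value:
                reasons.append(f"{alg} matches report sample")
    elif event.get("EventID") == 3:
        # Port comes as a string in some log pipelines, so normalise before comparing.
        if (event.get("DestinationIp") == C2_IP
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            reasons.append(f"connection to RedLine C2 {C2_IP}:{C2_PORT}")
    return reasons


def scan(events: Iterable[dict]) -> list:
    """Return (Image, reasons) for every event that matches at least one IOC."""
    hits = []
    for ev in events:
        reasons = match_event(ev)
        if reasons:
            hits.append((ev.get("Image", "?"), reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Hash matching is only as good as the hash set: a repacked build of the same stealer will miss on MD5/SHA1/SHA256, which is why the C2 socket is the more durable indicator here, and why the SSDEEP value in the report is worth keeping for similarity matching in a tool that supports it.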