General
Target: 0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f.exe
Size: 479KB
Sample: 241112-y4envszhmg
MD5: b7af33b83ec0faea42da0118a1ddd316
SHA1: d95cc2e9c8d32423834d131045e9297ba2685c88
SHA256: 0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f
SHA512: 2f472c9200d609921f8ac9829c8bee0c21006881746f57b6df32607d70369a89af017c04e17ebba0ee6b0f2378911ccb085868d85a72c112cea4be553eb2be37
SSDEEP: 12288:Cz2/F3bj2fsc9W2YulMgUz0JJZqeA6ebOhr14TaNsZZK7NC:Y6Fxclyhze3qJOj4TaKZZKA
Static task: static1
Behavioral task: behavioral1
  Sample: 0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
  Family: redline
  Botnet: gena
  C2: 185.161.248.73:4164
  auth_value: d05bf43eef533e262271449829751d07
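The hashes in the General block and the C2 socket in the extracted config are the indicators a responder actually pivots on. The following Python is an added example, not part of the sandbox report: it embeds those indicators, verifies a candidate file against every hash the report lists (one mismatch, e.g. a repacked variant, stays visible instead of collapsing into a single boolean), and runs a C2 match over a few constructed firewall log lines. The `src -> dst:port` log format is invented for the example; adapt the regex to your own log source. The SSDEEP value is not checked because that needs a fuzzy-hash library that is not in the standard library.

```python
"""Match the RedLine IOCs from this report against a file and against connection logs."""
from __future__ import annotations

import hashlib
import re
from typing import Iterable

# IOCs copied from the report above: sample hashes and the extracted C2 socket.
SAMPLE_HASHES = {
    "md5": "b7af33b83ec0faea42da0118a1ddd316",
    "sha1": "d95cc2e9c8d32423834d131045e9297ba2685c88",
    "sha256": "0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f",
    "sha512": "2f472c9200d609921f8ac9829c8bee0c21006881746f57b6df32607d70369a89af017c04e17ebba0ee6b0f2378911ccb085868d85a72c112cea4be553eb2be37",
}
C2_HOST = "185.161.248.73"
C2_PORT = 4164


def hash_matches(data: bytes) -> dict[str, bool]:
    """Hash the bytes with every algorithm in the report and compare each one.

    usedforsecurity=False keeps MD5/SHA1 usable on FIPS-restricted hosts; here the
    digests are only being compared against published IOCs, not used for integrity.
    """
    return {
        algo: hashlib.new(algo, data, usedforsecurity=False).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


# Constructed firewall log lines in a hypothetical "src -> dst:port" shape.
SAMPLE_LOG = """\
2024-11-12T10:01:03Z ALLOW tcp 10.0.0.21:49712 -> 142.250.74.46:443
2024-11-12T10:01:09Z ALLOW tcp 10.0.0.21:49733 -> 185.161.248.73:4164
2024-11-12T10:02:11Z ALLOW tcp 10.0.0.37:52109 -> 185.161.248.73:443
2024-11-12T10:03:45Z DENY  tcp 10.0.0.21:49790 -> 185.161.248.73:4164
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)


def find_c2_connections(lines: Iterable[str], exact_port: bool = True) -> list[dict]:
    """Return the parsed events whose destination is the RedLine C2.

    exact_port=True matches only the extracted socket (IP:4164). exact_port=False
    matches any traffic to the C2 host, which is the right setting when hunting for
    a rotated port on the same infrastructure. Unparseable lines are skipped.
    """
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["sport"] = int(ev["sport"])
        ev["dport"] = int(ev["dport"])
        if ev["dst"] != C2_HOST:
            continue
        if exact_port and ev["dport"] != C2_PORT:
            continue
        hits.append(ev)
    return hits


def infected_hosts(lines: Iterable[str]) -> set[str]:
    """Source IPs that reached, or tried to reach, the C2 socket.

    A DENY still means the host ran the stealer and attempted to check in, so
    blocked attempts count toward the isolation list.
    """
    return {ev["src"] for ev in find_c2_connections(lines)}


if __name__ == "__main__":
    # Replace with open(path, "rb").read() to check a real candidate file.
    print(hash_matches(b"not the sample"))
    for ev in find_c2_connections(SAMPLE_LOG.splitlines()):
        print(ev["ts"], ev["action"], ev["src"], "->", f'{ev["dst"]}:{ev["dport"]}')
    print("hosts to isolate:", sorted(infected_hosts(SAMPLE_LOG.splitlines())))
```

Note that the auth_value is a per-build credential the stealer presents to its panel; it is useful for clustering samples from the same operator but does not appear in network logs in a form you can grep for here, so it is deliberately not part of the log match.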
Targets
Target: 0513d1a9de10865b3d5cbb480a924ed92f6464bcef68deb2b436f5937bd9142f.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL