General
-
Target
196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f
-
Size
424KB
-
Sample
241112-yxrpvazhkk
-
MD5
d6be788ce9a46ab76facbde4eb6adeca
-
SHA1
e29bcb9ebd025b0e087d0db65f21e8ba77bbe90f
-
SHA256
196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f
-
SHA512
b9d51402c668fac718f406dc3938d8156f6d084c1812aab2b94b16d44ead0e8c6ac0224c609369cf8400905cf444ce56c7348bea25c1f0ffc6b822a8a26b00a1
-
SSDEEP
6144:YMjrkdSCFNVLHqgQyg9FuCuyqwdsBWTvTFMJYkL9SlWL1KEq2ZQuRWxwXT:YkJCrVTeL9FuCurwdswTrFZkZ/njBj
Static task
static1
Behavioral task
behavioral1
Sample
196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Targets
-
-
Target
196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f
-
Size
424KB
-
MD5
d6be788ce9a46ab76facbde4eb6adeca
-
SHA1
e29bcb9ebd025b0e087d0db65f21e8ba77bbe90f
-
SHA256
196a02b61169606da253979ddbc7c0b8a42a76a42e909dff96d2e8de5e58b82f
-
SHA512
b9d51402c668fac718f406dc3938d8156f6d084c1812aab2b94b16d44ead0e8c6ac0224c609369cf8400905cf444ce56c7348bea25c1f0ffc6b822a8a26b00a1
-
SSDEEP
6144:YMjrkdSCFNVLHqgQyg9FuCuyqwdsBWTvTFMJYkL9SlWL1KEq2ZQuRWxwXT:YkJCrVTeL9FuCurwdswTrFZkZ/njBj
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-