General
-
Target
1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d
-
Size
574KB
-
Sample
241112-yyp8eayqgy
-
MD5
71d1f740f8f8dd67c230f6b8e52dd58a
-
SHA1
950516b82c7c8ccb2aa323aba5cfee47ca263395
-
SHA256
1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d
-
SHA512
f44e546313b613157d5fbc387ce6af19cb6ed27fc3612d905c531716f0a9f508dc9533755694f223de21fa7431623467780cb10e1f69a03fdb59598cddf1f1b0
-
SSDEEP
12288:OZTYeKazd8Hatlo++vJ6BHF9WwCNdQPyy2ZWB:OVY4d86tcJASJdoTDB
Static task
static1
Behavioral task
behavioral1
Sample
1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Targets
-
-
Target
1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d
-
Size
574KB
-
MD5
71d1f740f8f8dd67c230f6b8e52dd58a
-
SHA1
950516b82c7c8ccb2aa323aba5cfee47ca263395
-
SHA256
1cbf9bb8d1b556f420901718ba1e29c6bba495f6a170f679b52b82bb22b61d8d
-
SHA512
f44e546313b613157d5fbc387ce6af19cb6ed27fc3612d905c531716f0a9f508dc9533755694f223de21fa7431623467780cb10e1f69a03fdb59598cddf1f1b0
-
SSDEEP
12288:OZTYeKazd8Hatlo++vJ6BHF9WwCNdQPyy2ZWB:OVY4d86tcJASJdoTDB
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-