General
-
Target
2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144N.exe
-
Size
426KB
-
Sample
241113-n5mezs1hnk
-
MD5
e9feba2622c5cd8c63e7fd6391d52910
-
SHA1
f9f506441e2fa3ad58209408b3ea9efaf08d9135
-
SHA256
2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144
-
SHA512
a2892be3bc92f50f73976e0f279a7e3491237c6100baea597a33a195dfd76201a1f03bba905a153ff04e91eb494be4515acda74992ecaeb239bb9f3da417b0a0
-
SSDEEP
12288:l/H3y3bGd+hmUSTuNscqpCI8bPszh8kR3:xXEbGd+hmUSTOlbPMBR
Static task
static1
Behavioral task
behavioral1
Sample
2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Targets
-
-
Target
2d14fb56221a32931639a65a1fd9c1a20cd44db20e0ad732f630ea1056255144N.exe
-
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-