General
Target: 07be943bf2865ec038460d302867e54b874e101aae5db4d1f75531e447db877d.exe
Size: 581KB
Sample: 241113-pp216svpeq
MD5: 593e47c59bbfc31b3a0ab2270e44050e
SHA1: 5e27924deacc2872506d3c53da049bda2e83da63
SHA256: 07be943bf2865ec038460d302867e54b874e101aae5db4d1f75531e447db877d
SHA512: 25c4a637caee66aa6154c95fdb504886c2064c2a0a5d002e74f6a9699a011e18d1c4725d121fc8370e81e8001a1ef35c8cfa4017682163af0c0b5f0e8b5150d0
SSDEEP: 12288:2gnXCptMOVe6UUOA2OFwXy+d15GVXLGrLmRFR:2WX+VBUUoOFwC+9GNL2cR
Static task: static1
Behavioral task: behavioral1 (Sample: 07be943bf2865ec038460d302867e54b874e101aae5db4d1f75531e447db877d.exe; Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: 07be943bf2865ec038460d302867e54b874e101aae5db4d1f75531e447db877d.exe; Resource: win10v2004-20241007-en)
Malware Config
Extracted
redline
gena
185.161.248.73:4164
auth_value: d05bf43eef533e262271449829751d07
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL