General
Target: 33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3.exe
Size: 581KB
Sample: 241113-rxexqaxjfp
MD5: 25d5cd62752303fd97d26409c19f3518
SHA1: 7d12a9ab1a2763020e9d0cd56341d7a7219232ed
SHA256: 33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3
SHA512: 8c90ff4a516a219fd31b3cc1ecdf2b2a3f32d7b44d76650bd683318bf752ff892e53d0fddbbb1d03d2d7730e4187ac571023e8b64d67d8616d862805a94cb37d
SSDEEP: 12288:KvAh3cpq/5gZl2/u4RLZftnpnw/q5J2QC1Qg:oAWbZl2LfBpnw/q/27v
Static task: static1
Behavioral task: behavioral1
  Sample: 33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: gena
C2: 185.161.248.73:4164
Attributes
  auth_value: d05bf43eef533e262271449829751d07
Targets
Target: 33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3.exe (581KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- RedLine family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
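Hunting with the indicators from this report, as an added example (not part of the sandbox output): the sample SHA256 from General and the C2 endpoint 185.161.248.73:4164 from the extracted config are matched against constructed Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) events. The log lines, field names and rule names are assumptions made for the example, not real telemetry; the auth_value is not used as an indicator here. A connection to the C2 address on a port other than 4164 is reported separately at lower confidence, since the address may carry unrelated services.

```python
"""Match the RedLine IOCs extracted above against host/network log lines.

Added example, not part of the sandbox report. Only the two IOCs below come
from the report; the events are constructed in a simplified Sysmon-style
key=value layout and are not real telemetry.
"""
import re

SAMPLE_SHA256 = "33d0861ad27092e8968fa8f0801744d4d59de282cce9521f485bd5d803407eb3"
C2_ENDPOINTS = {("185.161.248.73", 4164)}  # host:port from the extracted config
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed events (assumed layout, not real logs).
# EventID 1 = process create with Hashes, EventID 3 = outbound network connection.
SAMPLE_LOGS = [
    r"EventID=1 Image=C:\Users\user\AppData\Local\Temp\33d0861a.exe "
    "Hashes=SHA256=33D0861AD27092E8968FA8F0801744D4D59DE282CCE9521F485BD5D803407EB3",
    r"EventID=3 Image=C:\Users\user\AppData\Local\Temp\33d0861a.exe "
    "DestinationIp=185.161.248.73 DestinationPort=4164 Protocol=tcp",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe "
    "DestinationIp=185.161.248.73 DestinationPort=443 Protocol=tcp",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe "
    "DestinationIp=13.107.4.50 DestinationPort=80 Protocol=tcp",
    r"EventID=1 Image=C:\Windows\notepad.exe Hashes=SHA256=deadbeef",
]

# A field ends only where the next " Key=" starts, so paths with spaces and the
# embedded "SHA256=" inside the Hashes value stay intact.
_FIELD = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")
_SHA256 = re.compile(r"SHA256=([0-9a-fA-F]{64})")


def parse_event(line: str) -> dict:
    """Split one key=value event line into a dict."""
    return dict(_FIELD.findall(line))


def match_event(fields: dict) -> list:
    """Return (rule, detail) pairs for a single parsed event."""
    hits = []
    image = fields.get("Image", "?")

    # File indicator: compare the SHA256 case-insensitively against the report.
    m = _SHA256.search(fields.get("Hashes", ""))
    if m and m.group(1).lower() == SAMPLE_SHA256:
        hits.append(("known_sample_hash", image))

    # Network indicator: exact host:port is the C2 beacon; same host on another
    # port is only a lead, because the address may host unrelated services.
    ip, port = fields.get("DestinationIp"), fields.get("DestinationPort")
    if ip and port and port.isdigit():
        if (ip, int(port)) in C2_ENDPOINTS:
            hits.append(("c2_connection", f"{image} -> {ip}:{port}"))
        elif ip in C2_HOSTS:
            hits.append(("c2_ip_other_port", f"{image} -> {ip}:{port}"))
    return hits


def scan(lines) -> list:
    """Run every line through the matcher; returns (rule, detail, line) tuples."""
    out = []
    for line in lines:
        for rule, detail in match_event(parse_event(line)):
            out.append((rule, detail, line))
    return out


if __name__ == "__main__":
    for rule, detail, _ in scan(SAMPLE_LOGS):
        print(f"{rule:20} {detail}")
```

Run against the constructed events, the scan yields three hits: the process-creation event whose SHA256 equals the report's sample hash, the beacon to 185.161.248.73:4164 from the dropped executable, and a lower-confidence lead for the browser connection to the same address on port 443. The unrelated svchost connection and the non-matching hash produce nothing.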