General
-
Target
1aed039d3f69c33316ce43bc8b989f658974836c8679e72ca826584551930829.exe
-
Size
578KB
-
Sample
241113-y169psydkh
-
MD5
b8ceff724b19f20bf74f75befed1b601
-
SHA1
028bfd21a585705f7aecddfd4db7c380af233bee
-
SHA256
1aed039d3f69c33316ce43bc8b989f658974836c8679e72ca826584551930829
-
SHA512
c6794580ce9a34a134860a00f7f7ded0fd8431e1e8988cdba7c25a73c01bb6b0f7d2f1cc9ea3b6bf30fcceae156df4edf6f7e297d4b9d98810316fd16fc5ff48
-
SSDEEP
12288:Cy90qtZxqNAI53IXBivt52SGphms6qL2LgpY:Cyt+AIDvtkdP6qLhY
Static task
static1
Behavioral task
behavioral1
Sample
1aed039d3f69c33316ce43bc8b989f658974836c8679e72ca826584551930829.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
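The two extracted configs share one C2 endpoint and differ only in botnet name and auth_value, so the useful network indicator is a single host:port. The script below is an added example, not part of the sandbox report or any RedLine tooling: it parses the flat "Extracted" blocks exactly as printed above into structured records, validates the fields, collapses the duplicate endpoint, and emits a Suricata rule for it. The input text is copied from the report; the rule's msg text and sid numbering are assumptions of this example.

```python
import re

# Constructed input: the two "Extracted" config blocks copied from the
# sandbox report, one field per line, with the "-" lines the report prints.
REPORT_CONFIG = """\
Extracted
redline
gena
185.161.248.73:4164
-
auth_value
d05bf43eef533e262271449829751d07
Extracted
redline
dark
185.161.248.73:4164
-
auth_value
ae85b01f66afe8770afeed560513fc2d
"""

C2_RE = re.compile(r"^(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_config_blocks(text):
    """Turn the flat report text into one dict per 'Extracted' block.

    Field order inside a block follows the report: family, botnet name,
    host:port, then an 'auth_value' label followed by its value.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    blocks, cur, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if line == "Extracted":
            cur = {"family": None, "botnet": None, "host": None, "port": None, "auth_value": None}
            blocks.append(cur)
        elif cur is not None:
            if cur["family"] is None:
                cur["family"] = line.lower()
            elif cur["botnet"] is None:
                cur["botnet"] = line
            elif cur["host"] is None and (m := C2_RE.match(line)):
                port = int(m.group("port"))
                if not 1 <= port <= 65535:
                    raise ValueError(f"port out of range: {line}")
                cur["host"], cur["port"] = m.group("host"), port
            elif line == "auth_value" and i + 1 < len(lines):
                value = lines[i + 1]
                if not HEX32_RE.match(value):
                    raise ValueError(f"unexpected auth_value: {value}")
                cur["auth_value"] = value
                i += 1  # consume the value line as well as the label
        i += 1
    return blocks


def unique_c2(blocks):
    """Distinct (host, port) pairs, so one rule covers both botnet configs."""
    return sorted({(b["host"], b["port"]) for b in blocks if b["host"]})


def suricata_rule(host, port, sid, family="RedLine"):
    """Build a Suricata rule alerting on outbound TCP sessions to the C2 endpoint.

    msg text and sid are assumed values for this example.
    """
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"{family} C2 connection {host}:{port}"; flow:to_server,established; '
        f"sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    parsed = parse_config_blocks(REPORT_CONFIG)
    for block in parsed:
        print(block)
    for sid, (host, port) in enumerate(unique_c2(parsed), start=1000001):
        print(suricata_rule(host, port, sid))
```

Both auth_value strings are kept on the parsed records so each botnet build can be tracked separately, while the network rule is generated once per distinct endpoint; a port outside 1-65535 or a non-hex auth_value raises rather than producing a silently wrong indicator.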
Targets
-
Target
1aed039d3f69c33316ce43bc8b989f658974836c8679e72ca826584551930829.exe
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).
-
Executes dropped EXE
-
Adds Run key to start application
-
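The three behavioural signatures above map to a short chain of API calls: the sample writes a second executable, registers it under a Run key, launches it, and the dropped process reads the configured country code. The script below is an added example, not the sandbox's own signature engine: it runs that logic over a constructed, simplified API trace in "process|api|argument" form and returns which of the report's signatures the trace satisfies. The trace lines, file names and the choice of HKCU\Control Panel\International\Geo\Nation as the registry location of the country code are assumptions of this example.

```python
import re

# Constructed API-trace lines in a simplified "process|api|argument" form.
# Illustrative only; this is not the sandbox's behavioural log.
SAMPLE_TRACE = [
    r"sample.exe|NtWriteFile|C:\Users\user\AppData\Local\Temp\svc.exe",
    r"sample.exe|RegSetValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
    r"sample.exe|CreateProcessW|c:\users\user\appdata\local\temp\SVC.EXE",
    r"svc.exe|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation",
    r"svc.exe|RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
]

# A benign trace that should trigger nothing.
BENIGN_TRACE = [
    r"explorer.exe|CreateProcessW|C:\Windows\System32\notepad.exe",
    r"notepad.exe|RegQueryValueExW|HKCU\Software\Microsoft\Notepad\iWindowPosX",
]

# Registry paths behind two of the report's signatures. Geo\Nation is the
# assumed location of the configured country code (an assumption here).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
WRITE_APIS = {"ntwritefile", "writefile", "movefileexw", "copyfilew"}
EXEC_APIS = {"createprocessw", "createprocessa", "shellexecutew", "ntcreateuserprocess"}


def parse_trace(lines):
    """Split 'process|api|argument' lines into tuples, skipping malformed ones."""
    events = []
    for line in lines:
        parts = line.split("|", 2)
        if len(parts) == 3:
            events.append((parts[0], parts[1].lower(), parts[2]))
    return events


def match_signatures(lines):
    """Return the set of report signature names the trace satisfies."""
    hits = set()
    dropped = set()  # normalised paths of executables written during the trace
    for _proc, api, arg in parse_trace(lines):
        norm = arg.lower().rstrip("\\")  # paths compare case-insensitively on NTFS
        if api in WRITE_APIS and norm.endswith(".exe"):
            dropped.add(norm)
        elif api in EXEC_APIS and norm in dropped:
            hits.add("Executes dropped EXE")
        elif api.startswith("regsetvalueex") and RUN_KEY_RE.search(arg):
            hits.add("Adds Run key to start application")
        elif api.startswith("regqueryvalueex") and GEO_RE.search(arg):
            hits.add("Checks computer location settings")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_TRACE)):
        print(name)
```

"Executes dropped EXE" is deliberately stateful: a process launch only counts when its image path was written earlier in the same trace, which is what separates a dropper from a program that simply starts another installed binary. The lowercase normalisation matters because the write and the launch in the sample trace spell the path with different case, as real traces often do.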