General
- Target: f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6aN.exe
- Size: 583KB
- Sample: 241115-zl1daavrdq
- MD5: 02b4d93f767751a0487154327eaab9b0
- SHA1: c934b16ea80e4123678b8b233fea7b9a8532c241
- SHA256: f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6a
- SHA512: cffa1d50374a107eb2f608c98197571b64a4c5fbb5941070aaf67c5d36f2846548971710d32ab413b3cf3791581b46245f8d3629fb0f57b932c1435985763007
- SSDEEP: 6144:u+8ywtMOWjpbIOH1Wz/e2FzirHJtR/j58IlRIZnhmKvA25PJgpSj22LW:R81tMOW900Wz/dFz8Hj154hmjMgSj2
Static task: static1
Behavioral task: behavioral1
- Sample: f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6aN.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6aN.exe
- Resource: win10v2004-20241007-en
Malware Config
Extracted
redline
gena
185.161.248.73:4164
- auth_value: d05bf43eef533e262271449829751d07
Targets
- Target: f0ae05b98e82a38bd1a3c76d75a2a203f47ba4365c09bf67876ba73e9a3e4b6aN.exe
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL