General
-
Target
d30d43ea8f103340a2307145035f404873d3d345f310dbeba6fa20f85d3fb790.exe
-
Size
903KB
-
Sample
241211-d3fjjsypfj
-
MD5
eb7496ff2480e5b4fbd90e785a7328cd
-
SHA1
0039713076f0ccb54bfea4fa060b62eada29d39e
-
SHA256
d30d43ea8f103340a2307145035f404873d3d345f310dbeba6fa20f85d3fb790
-
SHA512
fde7e0e55c266289eebb393f41985dfc7a61ffcda24822bb35163002750ea6f2d969c63650d78804a365e7fe967a3b585c18591ee72c5c14fbe2696ccab5fec1
-
SSDEEP
24576:GyC4xOD82KiKPsBQJYJk2ObauajEwFOEB:txFtLkBQJYJk2uaNh
Malware Config
Extracted
redline
RL
45.137.22.164:1912
Targets
-
-
Target
d30d43ea8f103340a2307145035f404873d3d345f310dbeba6fa20f85d3fb790.exe
-
Size
903KB
-
MD5
eb7496ff2480e5b4fbd90e785a7328cd
-
SHA1
0039713076f0ccb54bfea4fa060b62eada29d39e
-
SHA256
d30d43ea8f103340a2307145035f404873d3d345f310dbeba6fa20f85d3fb790
-
SHA512
fde7e0e55c266289eebb393f41985dfc7a61ffcda24822bb35163002750ea6f2d969c63650d78804a365e7fe967a3b585c18591ee72c5c14fbe2696ccab5fec1
-
SSDEEP
24576:GyC4xOD82KiKPsBQJYJk2ObauajEwFOEB:txFtLkBQJYJk2uaNh
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-