General
Target: af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74
Size: 8.1MB
Sample: 241212-zjb8nsxjdy
MD5: d6e69be656af26b6f4fda79eda3de0f3
SHA1: cadf54b019c4202847c12cc8d84807ea1fd07b5e
SHA256: af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74
SHA512: e1773782f278f91493984d9226e559a18004a80c0883066111ef0f147fa0e0bf65c7fe22b26026779309ceb3aad81ffbf5796c3c79981402b73c1fa2fa9f5c49
SSDEEP: 196608:tAUdsL+AUdsLmAUdsLmAUdsLmAUdsLmAUdsk:tPq+PqmPqmPqmPqmPF
Static task: static1
Behavioral task: behavioral1
Sample: af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted (redline): 816FA, 88.99.151.68:7200
Targets
Target: af9946ffb432459ef1503fcc00736583f5281fdad55ad095931ffe593d132d74
Size: 8.1MB
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist