General
Target: 46E7C1A9F41230B8B8A09556322BF9F9.exe
Size: 3.2MB
Sample: 210323-e95f2tdj6x
MD5: 46e7c1a9f41230b8b8a09556322bf9f9
SHA1: ca547b9bb4fc8dbcc191a93465e42558fa73b8fd
SHA256: c05a5e19234c1647076dbbe2c35669e752c506beea33799718713f790064ea8d
SHA512: 864c81ab485951f218360719f970d731f9b8c536e363c73a738270f6a1725419fc47c3f00b13901c79c28e636bf5a62d0e2763b668dd6ae29312c25a8d3e9022
Static task: static1
Behavioral task: behavioral1 (Sample: 46E7C1A9F41230B8B8A09556322BF9F9.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: 46E7C1A9F41230B8B8A09556322BF9F9.exe, Resource: win10v20201028)
Malware Config
Targets
Target: 46E7C1A9F41230B8B8A09556322BF9F9.exe (3.2MB; MD5, SHA1, SHA256 and SHA512 identical to the General section)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext