General
Target: e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1)
Size: 1009KB
Sample: 210905-vszccahga8
MD5: 7e06ee9bf79e2861433d6d2b8ff4694d
SHA1: 28de30147de38f968958e91770e69ceb33e35eb5
SHA256: e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f
SHA512: 225cd5e37dbc29aad1d242582748457112b0adb626541a6876c2c6a0e6a27d986791654fd94458e557c628dc16db17f22db037853fae7c41dde34ba4e7245081
Static task: static1
Behavioral task: behavioral1
Sample: e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1).exe
Resource: win7-en
Behavioral task: behavioral2
Sample: e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1).exe
Resource: win10v20210408
Malware Config
Extracted: redline
Build1
45.142.213.135:30058
Targets
Target: e254914f5f7feb6bf10041e2c705d469bc2b292d709dc944381db5911beb1d9f (1)
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext