General
Target: 07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27
Size: 479KB
Sample: 220208-f7a6qseac4
MD5: 203e8131a6f654a6c67f53ef46b65117
SHA1: 51ece091b99c77ef712db6aac01ca8b183d2e0b0
SHA256: 07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27
SHA512: 311db800b56eac3f3bdfd78a922eeb7a2a019b236f3dea5229475519f5bf87f756d9cdcad9a8d4011ba9fc1b1463cb860d1d2da7fb92c8c29553c3e117d0e0c0

Static task: static1
Behavioral task: behavioral1
Sample: 07f25ccae0c5a4be7aacf1e2fc562e20ad26cfeb32d561a23635ce963a6d5c27.exe
Resource: win7-en-20211208

Malware Config
Extracted: redline
- test1
- disandillanne.xyz:80
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext