General
-
Target
fd40240f7874f6324e0ecb17a3f1f7e095d3feb079b56da3694dac833bdc6a0c
-
Size
462KB
-
Sample
220521-blc1zscaf5
-
MD5
a22ead0d0e5b585b30a544bce9d9b78e
-
SHA1
8ce666d569638bfeee995f2df13d51bf00fcaa45
-
SHA256
fd40240f7874f6324e0ecb17a3f1f7e095d3feb079b56da3694dac833bdc6a0c
-
SHA512
395c482e610bbc1e5743325d5ff055dcf19bc7c8d07fa43d8f80d76144ebc59a302bfaebedf2c776a2ee4d0728549e1919ce1b5bf66c79e4fe37528c36ea6721
Static task
static1
Behavioral task
behavioral1
Sample
apphost.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
apphost.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
2905 ostap
45.66.9.166:80
Targets
-
-
Target
apphost.exe
-
Size
603KB
-
MD5
35329adc614b4afdf984585c386a6b16
-
SHA1
3ce0b19b9f426fb8a1349d738d7d30fd0f8fa060
-
SHA256
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9
-
SHA512
94c8522e648bbed20139480748010601b0eb3bbbc387e1f5f3401dca28582cb248d7910b53ac91ccd66681b0a3647e5db0c6838c9c627def3e6628e20365e66d
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of SetThreadContext
-