General
-
Target
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9
-
Size
603KB
-
Sample
220521-blcefscaf4
-
MD5
35329adc614b4afdf984585c386a6b16
-
SHA1
3ce0b19b9f426fb8a1349d738d7d30fd0f8fa060
-
SHA256
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9
-
SHA512
94c8522e648bbed20139480748010601b0eb3bbbc387e1f5f3401dca28582cb248d7910b53ac91ccd66681b0a3647e5db0c6838c9c627def3e6628e20365e66d
Static task
static1
Behavioral task
behavioral1
Sample
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
2905 ostap
45.66.9.166:80
Targets
-
-
Target
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9
-
Size
603KB
-
MD5
35329adc614b4afdf984585c386a6b16
-
SHA1
3ce0b19b9f426fb8a1349d738d7d30fd0f8fa060
-
SHA256
ca120f69f73a72abd0c7f05da2a653556a7abc29a793ea2ae06f4419f11313c9
-
SHA512
94c8522e648bbed20139480748010601b0eb3bbbc387e1f5f3401dca28582cb248d7910b53ac91ccd66681b0a3647e5db0c6838c9c627def3e6628e20365e66d
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of SetThreadContext
-