General
Target: 31c9d8b7973f90769d41b9c8c9b7ce69b87c890384b6fbf2f27499b28096f274
Size: 694KB
Sample: 220521-np2vqshbcj
MD5: 61072e959487ed7a6d8af3df000383a2
SHA1: bb0baf882a4b80cdad105b636a28dc665d30ef34
SHA256: 31c9d8b7973f90769d41b9c8c9b7ce69b87c890384b6fbf2f27499b28096f274
SHA512: dea4156c984bdf2c841f1fab5ce64249f1690a9ed00dffe5e98bc1a8f2e85649bcabc3575f04413e25dea96872a8aee9273e1a38af59f1bbc35f6e2ebcf26e58
Static task: static1
Behavioral task: behavioral1 (sample apphost.exe, resource win7-20220414-en)
Behavioral task: behavioral2 (sample apphost.exe, resource win10v2004-20220414-en)
Malware Config
Extracted
Family: redline
Botnet: seks
C2: 45.153.229.9:80
Targets
Target: apphost.exe
Size: 851KB
MD5: 3537bace415d485bb0528309f957c4cb
SHA1: e438188ecf9b4624262983cb61d92476040304e4
SHA256: 686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
SHA512: bf18cc15c180d2cde71554bf2504344434cd0d4df64dc445931cd02694469c267adbeb028b9e306b5fb340020fc73eb4fb579fb3094c5d59eec55061d5c958d5
Score: 10/10
CoreEntity .NET Packer
A .NET packer, CoreEntity, that stores its payload as an embedded Bitmap object and decrypts it later at runtime.
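As an added example (this is neither CoreEntity's code nor anything from the page), the following Python script shows the general shape of recovering a payload hidden in a bitmap: pull the raw pixel bytes out of a BMP, brute-force a single-byte XOR key, and carve the first parseable PE, sizing it from its section table. The 24-bpp BMP container, the XOR stand-in cipher, and the tiny one-section PE image are all assumptions constructed for the example; the page does not state how CoreEntity actually encrypts or lays out its payload.

```python
"""Carve a PE out of a bitmap's pixel data (added example, not CoreEntity's code).

Assumptions, all constructed for this example: a plain uncompressed 24-bpp BMP
as the container, a single-byte XOR as a stand-in for the packer's unknown
cipher, and a minimal one-section PE image as the stand-in payload.
"""
import struct


def build_fake_pe() -> bytes:
    """Smallest PE-shaped image the parser below accepts: DOS header, COFF header
    with no optional header, one section whose raw data ends the file (constructed)."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # 'PE\0\0', Machine=i386, NumberOfSections=1, timestamp, symtab, nsyms, SizeOfOptionalHeader=0, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr, raw_size = 0x80, 16
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, relocs, linenums, nrelocs, nlinenums, flags
    section = b".text".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + section).ljust(raw_ptr, b"\0") + bytes(range(raw_size))


def build_bmp(payload: bytes, width: int = 64) -> bytes:
    """Wrap bytes in a 24-bpp BMP, row by row in file order, rows padded to 4 bytes."""
    row, padded = width * 3, (width * 3 + 3) & ~3
    height = -(-len(payload) // row)
    pixels = b"".join(payload[i * row:(i + 1) * row].ljust(padded, b"\0") for i in range(height))
    offset = 14 + 40
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 0, 0, 0, 0)
    return file_hdr + info_hdr + pixels


def bmp_pixel_bytes(bmp: bytes) -> bytes:
    """Pixel array of a 24-bpp uncompressed BMP with row padding stripped, in file
    order (reverse the rows yourself if the writer filled a bottom-up image top-down)."""
    magic, _, _, _, offset = struct.unpack_from("<2sIHHI", bmp, 0)
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", bmp, 14)
    if magic != b"BM" or bpp != 24 or compression != 0:
        raise ValueError("only plain 24-bpp BMPs are handled")
    row, padded = width * 3, (width * 3 + 3) & ~3
    return b"".join(bmp[offset + i * padded: offset + i * padded + row] for i in range(abs(height)))


def pe_file_size(data: bytes, mz: int):
    """Size of the PE at offset mz, taken from the section table as the highest
    PointerToRawData + SizeOfRawData; None if the headers do not parse."""
    try:
        if data[mz:mz + 2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", data, mz + 0x3C)[0]
        pe = mz + e_lfanew
        if e_lfanew > 0x1000 or data[pe:pe + 4] != b"PE\0\0":
            return None
        nsect = struct.unpack_from("<H", data, pe + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        sect = pe + 24 + opt_size
        end = e_lfanew + 24 + opt_size + nsect * 40   # at least the headers
        for i in range(nsect):
            raw_size, raw_ptr = struct.unpack_from("<II", data, sect + i * 40 + 16)
            end = max(end, raw_ptr + raw_size)
    except struct.error:
        return None
    return end if mz + end <= len(data) else None


def carve_pe(stream: bytes):
    """Try each single-byte XOR key (stand-in cipher) and return (key, pe_bytes)
    for the first key under which the stream holds a parseable PE."""
    for key in range(256):
        plain = stream.translate(bytes(b ^ key for b in range(256)))
        mz = plain.find(b"MZ")
        while mz != -1:
            size = pe_file_size(plain, mz)
            if size:
                return key, plain[mz:mz + size]
            mz = plain.find(b"MZ", mz + 1)
    return None


if __name__ == "__main__":
    # Constructed sample: 3 junk bytes, then the fake PE XORed with 0x5A, inside a BMP.
    pe = build_fake_pe()
    bmp = build_bmp(b"\x01\x02\x03" + bytes(b ^ 0x5A for b in pe))
    key, carved = carve_pe(bmp_pixel_bytes(bmp))
    print(f"key=0x{key:02x} carved={len(carved)} bytes intact={carved == pe}")
```

Sizing the carve from the section table rather than "until the trailing zeros run out" matters because a real payload can legitimately end in zero bytes; the same parser applied to a resource dumped from the packed apphost.exe would tell you whether what sits in the bitmap is a complete image or only part of one.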
RedLine
RedLine Stealer is a malware family written in C#, first seen in early 2020.
RedLine Payload
Suspicious use of SetThreadContext
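What a "Suspicious use of SetThreadContext" line usually stands for is the process-hollowing sequence: the sample starts a child suspended, overwrites its memory, points the primary thread at the injected code with SetThreadContext, and resumes it. As an added example (this is not the sandbox's own rule and not a real log from this sample), the following Python script applies that ordering check to a constructed API trace; it assumes the trace already resolves handle arguments to process ids (the child_pid and target_pid fields are this example's convention).

```python
"""Spot the process-hollowing call sequence behind a 'Suspicious use of
SetThreadContext' verdict (added example; the heuristic and the trace are this
example's own, not the sandbox's signature or a real log of this sample)."""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004

# Stages the same parent must perform against one child, in this order.
STAGES = ("suspended", "written", "context_set", "resumed")


@dataclass
class ApiCall:
    pid: int                                   # process that made the call
    api: str
    args: dict = field(default_factory=dict)   # handle args already resolved to pids (assumption)


def classify(call: ApiCall):
    """Map a call to (child_pid, stage), or None if it is not part of the pattern."""
    a = call.args
    if call.api in ("CreateProcessA", "CreateProcessW") and a.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
        return a["child_pid"], "suspended"
    if call.api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
        return a["target_pid"], "written"
    if call.api in ("SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"):
        return a["target_pid"], "context_set"
    if call.api in ("ResumeThread", "NtResumeThread"):
        return a["target_pid"], "resumed"
    return None


def find_hollowing(trace):
    """Return (parent_pid, child_pid) for every child that went through all four
    stages at the hands of the parent that created it suspended."""
    progress = {}   # child pid -> [parent pid, index of next expected stage]
    hits = []
    for call in trace:
        hit = classify(call)
        if hit is None:
            continue
        child, stage = hit
        if stage == "suspended":
            progress[child] = [call.pid, 1]
            continue
        entry = progress.get(child)
        if entry is None or entry[0] != call.pid:
            continue   # no suspended create seen, or another process is acting on the child
        if STAGES[entry[1]] == stage:
            entry[1] += 1
            if entry[1] == len(STAGES):
                hits.append((call.pid, child))
                del progress[child]
    return hits


# Constructed trace: one hollowing sequence, plus a process touching only its own thread.
TRACE = [
    ApiCall(1234, "CreateProcessW", {"lpApplicationName": "apphost.exe", "dwCreationFlags": CREATE_SUSPENDED, "child_pid": 1880}),
    ApiCall(1234, "NtUnmapViewOfSection", {"target_pid": 1880}),
    ApiCall(1234, "VirtualAllocEx", {"target_pid": 1880, "size": 0x2C000}),
    ApiCall(1234, "WriteProcessMemory", {"target_pid": 1880, "size": 0x400}),
    ApiCall(1234, "WriteProcessMemory", {"target_pid": 1880, "size": 0x2BC00}),
    ApiCall(1234, "SetThreadContext", {"target_pid": 1880}),
    ApiCall(1234, "ResumeThread", {"target_pid": 1880}),
    ApiCall(2000, "SetThreadContext", {"target_pid": 2000}),
]

if __name__ == "__main__":
    print(find_hollowing(TRACE))   # [(1234, 1880)]
```

The order check is what keeps the rule quiet on a debugger or a runtime that sets the context of a thread it owns: a SetThreadContext with no earlier suspended create and cross-process write against the same child never advances the state machine, so only the full create-write-context-resume chain from one parent is reported.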