General
Target: 686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
Size: 851KB
Sample: 220521-npy4vaeaa7
MD5: 3537bace415d485bb0528309f957c4cb
SHA1: e438188ecf9b4624262983cb61d92476040304e4
SHA256: 686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b
SHA512: bf18cc15c180d2cde71554bf2504344434cd0d4df64dc445931cd02694469c267adbeb028b9e306b5fb340020fc73eb4fb579fb3094c5d59eec55061d5c958d5
Static task: static1
Behavioral task: behavioral1
  Sample: 686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 686a4b97ac3658409328ff06350a2af5d637cbd7bcd6ae9b60d80f52244a803b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
redline
seks
45.153.229.9:80
Targets
Score: 10/10
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of SetThreadContext