General
Target: 616a43887f9589fdde5087c9f8ba5a80
Size: 25KB
Sample: 220706-2ghc1scbb7
MD5: 616a43887f9589fdde5087c9f8ba5a80
SHA1: dd82909ad904570b68a8dbb3e8ea43665ba533d7
SHA256: f53ba40902951595422a99d8edcacadd9794c251381a3ea8b9678eca506f4309
SHA512: 21dda7545fc8da7396404c959eed0e31c2c8392dd538ba01e114232d6ad3d4183fb560d7a92c391b4684ab151881ed4f447b07182ee87046d9288b0b9fc97041

Static task: static1

Behavioral task: behavioral1
Sample: 616a43887f9589fdde5087c9f8ba5a80.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 616a43887f9589fdde5087c9f8ba5a80.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted family: redline
Botnet: build
C2: 172.93.213.137:7525

Targets
Target: 616a43887f9589fdde5087c9f8ba5a80 (25KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

Detections
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext