General
Target: 374254afc8ea6c47117faf51cb8c9be4
Size: 25KB
Sample: 220714-g8ee8aabaj
MD5: 374254afc8ea6c47117faf51cb8c9be4
SHA1: 18e749452b0c7989c2ab3f5f38cc85d73d38a2aa
SHA256: dfc95f947fe62ed4e6b5d62c2dfb305c7159c155ce303f4874e8f19b9fcf9f90
SHA512: 9cfccc95d36c2be61c1ada781a652b18bdf3a1eb2a735171b6d8893d469ff886f2736c39953f77c5cdd5469f297949b72857b2ae37147873e95478ed64586767
Static task: static1
Behavioral task: behavioral1
  Sample: 374254afc8ea6c47117faf51cb8c9be4.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 374254afc8ea6c47117faf51cb8c9be4.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
build: 172.93.213.137:7525
Targets
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext