General
-
Target
dce5041b909c70be166ae0725d50a402
-
Size
25KB
-
Sample
220714-hjpekaagfr
-
MD5
dce5041b909c70be166ae0725d50a402
-
SHA1
3bb1ae879fbf47162e702bc1c4a8ea71cedf60b4
-
SHA256
e0b3569b9b350a454e1e7c838c6ab3cff93310259f5b052245400eacedfd252c
-
SHA512
aad32881c9f04ec75b6f16e3927d8bd33a85543da5dff28fcc61e7f31055444f8cb8b0e0d820137a96bd94fc57f1ad0181c8a774df01f91b4cd55bfbe1d3c879
Static task
static1
Behavioral task
behavioral1
Sample
dce5041b909c70be166ae0725d50a402.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
dce5041b909c70be166ae0725d50a402.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
build
172.93.213.137:7525
Targets
-
-
Target
dce5041b909c70be166ae0725d50a402
-
Size
25KB
-
MD5
dce5041b909c70be166ae0725d50a402
-
SHA1
3bb1ae879fbf47162e702bc1c4a8ea71cedf60b4
-
SHA256
e0b3569b9b350a454e1e7c838c6ab3cff93310259f5b052245400eacedfd252c
-
SHA512
aad32881c9f04ec75b6f16e3927d8bd33a85543da5dff28fcc61e7f31055444f8cb8b0e0d820137a96bd94fc57f1ad0181c8a774df01f91b4cd55bfbe1d3c879
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-