General
-
Target
561c9eaaa3855ac458f53b9ef4a0d0f88b250f6571c7abc227317f058afe1585
-
Size
117KB
-
Sample
220922-kh6nkaedgk
-
MD5
e690f062a41f0c39bfef62d766a0abb5
-
SHA1
74caddf0d8ea2cb8bbe8d738c8e04ba06a937b50
-
SHA256
561c9eaaa3855ac458f53b9ef4a0d0f88b250f6571c7abc227317f058afe1585
-
SHA512
685f4be42673d7e0a0da3d8af475a94f342adea95efa9b78563f5bd94064a6ab3b1671d26d25506600e3583e55c2214b9f52406e02d0c0b117e6dd3e54ad0aa8
-
SSDEEP
768:M4gSrhsJNqYVRCPUJbzBi7H1FCL+TgGhEggR:dt1sfl3k1s6Tga2
Behavioral task
behavioral1
Sample
561c9eaaa3855ac458f53b9ef4a0d0f88b250f6571c7abc227317f058afe1585.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
561c9eaaa3855ac458f53b9ef4a0d0f88b250f6571c7abc227317f058afe1585.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
att
62.204.41.139:25190
-
auth_value
b355d5cc1aaf949574c88238282a0927
Targets
-
-
Target
561c9eaaa3855ac458f53b9ef4a0d0f88b250f6571c7abc227317f058afe1585
-
Size
117KB
-
MD5
e690f062a41f0c39bfef62d766a0abb5
-
SHA1
74caddf0d8ea2cb8bbe8d738c8e04ba06a937b50
-
SHA256
561c9eaaa3855ac458f53b9ef4a0d0f88b250f6571c7abc227317f058afe1585
-
SHA512
685f4be42673d7e0a0da3d8af475a94f342adea95efa9b78563f5bd94064a6ab3b1671d26d25506600e3583e55c2214b9f52406e02d0c0b117e6dd3e54ad0aa8
-
SSDEEP
768:M4gSrhsJNqYVRCPUJbzBi7H1FCL+TgGhEggR:dt1sfl3k1s6Tga2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-