General
- Target: 7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0.zip
- Size: 110KB
- Sample: 221104-v6p1tsbcbp
- MD5: 830ea823d17e0601a60ccf24f6054dba
- SHA1: 637b659f7494190a4312061c0deeb1dd3d14650c
- SHA256: 565517ddfa6d09fa094c5dbddfe70447d0fcc0f2dfe66bba5f9f9ef73c47c6d6
- SHA512: 050eac86b09255048c8124c48517478fecae8d6d2ef7da9186d2723fd2f34ad13e006cd0402ce88c8bbb57cc65c348f6442b848d20c5d3b0a16e795be4ceec3c
- SSDEEP: 1536:Hm6GWV041X2Y80CsHZ4x/MIGJhzNlMBAKbx7gkslmOPeLIdxrmZ0xhwb7caQG4:LX20CM4xmLlMuwCDwMZOOocLG4
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0.exe
  - Resource: win7-20220812-en
- Behavioral task: behavioral2
  - Sample: 7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0.exe
  - Resource: win10-20220812-en
- Behavioral task: behavioral3
  - Sample: 7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0.exe
  - Resource: win10v2004-20220812-en
Malware Config
- Extracted: redline
- Nigh
- 80.66.87.20:80
- auth_value: dab8506635d1dc134af4ebaedf4404eb
Targets
- Target: 7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0.exe
- Size: 427KB
- MD5: c34729173ecc820eb7674431597d78be
- SHA1: 884f343876a8bb0ebac63c28191c22c6f69590f8
- SHA256: 7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0
- SHA512: f9c93a0c6f55217016fe5ba550e9948662901b9240662708ac93074bf9692427b73ce10864927026b118aeb6622a47cfa04976bbc9b482a31aef21a5c96786a0
- SSDEEP: 3072:yvGyYiSDnt1Et5CmPo8VGAnxoctr6Byd4TUISI:24UCp6n756BmlI
- Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext