General
-
Target
0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1
-
Size
1004KB
-
Sample
230206-q6esmshd8w
-
MD5
b726e7acb36c6eef97e9a9f2fef000b2
-
SHA1
804f59f453347613e015f4c981306c338398cfe4
-
SHA256
0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1
-
SHA512
0cf3eb1105c0a750dd4563a0707620e334ac881faf604e10ba06745f8399826b9a1e813c2d44025b9f9760a6404a5403d71062ab19ee00323eee0c85c23c4857
-
SSDEEP
24576:cIv5QimqIakPrYsMdX3gU22+c5c6apVuXgm:nOXUXwF2Nrg
Behavioral task
behavioral1
Sample
0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1.exe
Resource
win7-20221111-en
Malware Config
Extracted
Family: redline
Botnet: cheat
C2: 45.88.231.102:60891
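The extracted configuration above gives the one artifact that is directly actionable for a defender: the C2 endpoint. The following Python is an added example, not part of the sandbox report, showing how to validate that `host:port` string and match it against network logs. The Zeek conn.log-style lines are constructed for the example; only the C2 endpoint comes from the report. Matching on host and port together keeps the query tight; a host-only match is a reasonable looser hunt query but will also catch unrelated traffic to the same server.

```python
"""Match the extracted RedLine C2 (host:port) against conn.log-style records.

Added example, not part of the sandbox report. The log lines below are
constructed; the C2 endpoint is the value extracted from the sample.
"""
import ipaddress
from typing import List, Tuple

# Value taken from the report's extracted config.
C2 = "45.88.231.102:60891"


def parse_c2(endpoint: str) -> Tuple[str, int]:
    """Split 'host:port' from the extracted config and validate both parts.

    Raises ValueError for a malformed IP or an out-of-range port, so a
    garbled config value fails loudly instead of silently matching nothing.
    """
    host, _, port = endpoint.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)        # raises ValueError on a non-numeric port
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port_num


# Constructed Zeek conn.log-style lines (tab-separated), not real traffic:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1675700001.1\tCabc1\t10.0.0.5\t49811\t45.88.231.102\t60891\ttcp
1675700002.2\tCabc2\t10.0.0.5\t49812\t142.250.74.46\t443\ttcp
1675700003.3\tCabc3\t10.0.0.7\t49813\t45.88.231.102\t443\ttcp
1675700004.4\tCabc4\t10.0.0.9\t49814\t45.88.231.102\t60891\ttcp
"""


def find_c2_connections(conn_log: str, endpoint: str = C2) -> List[Tuple[str, str]]:
    """Return (orig_h, uid) for every connection to the exact C2 host:port."""
    host, port = parse_c2(endpoint)
    hits: List[Tuple[str, str]] = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blank lines and Zeek header lines
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # malformed record, not worth a false positive
        resp_h, resp_p = fields[4], fields[5]
        if resp_h == host and resp_p.isdigit() and int(resp_p) == port:
            hits.append((fields[2], fields[1]))
    return hits


if __name__ == "__main__":
    for orig_h, uid in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"C2 contact from {orig_h} (conn {uid})")
```

Run as-is it reports the two constructed hosts that reached the C2 on the configured port; the third line, to the same host on 443, is deliberately left out of the exact match.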
Targets
-
Target
0a2be0fd97c82f086cbba5ba01e61ff0ec968a3e76576454f6e3549a6f44bbc1
-
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-