General
Target: ddf82eaf2707ce522623efb8724ec4d3def245b7edff76245da2eb902b0773bb.zip
Size: 364KB
Sample: 230328-kschgabg21
MD5: fe34b1b6e54a6d411c7c0d7a1f8098d5
SHA1: a49475672eee45be381ef37a35a7afe2e0db760f
SHA256: fa3680e959871a8b7880231d204a715261c82e9c37ba79c2298e16e05aa975e5
SHA512: 2b449419dc5028e123f497d98d6f5c20db660222e4afef45f0447e1b32b709feaea5e1ad150c90202ed14b6fe9503958fb6f23887d30621ff494adf572884710
SSDEEP: 6144:QRoGho+5ItvZhmMxYnbgKqewARrxse8G528i0LSYBezA24r8KwX8+XpPy83f:yk5VxMBwAROtk28iKSVz+wKwX8+XZTf
Behavioral task
behavioral1
Sample: ddf82eaf2707ce522623efb8724ec4d3def245b7edff76245da2eb902b0773bb.exe
Resource: win7-20230220-en

Malware Config
Extracted
redline
azure
68.219.104.74:56189
Targets
Target: ddf82eaf2707ce522623efb8724ec4d3def245b7edff76245da2eb902b0773bb
Size: 637KB
MD5: 4aa0c7957da0e3a896ea83291b6e60ab
SHA1: 88fabfa45c3d2c7db2096bee7a59479593e2bb90
SHA256: ddf82eaf2707ce522623efb8724ec4d3def245b7edff76245da2eb902b0773bb
SHA512: 300fb41e9563bef358d7db1543c8b2d966cbb2faf5b13d08bda04892fa9b11f65e0891734a62e77a60e3de1fe9ddff63acb3f42bcfd773946835ff1cbf7f4a6c
SSDEEP: 12288:N4H3Z0scDTvtXTDK+sW9O2q2uU0Q4vWkJ:NucDTJnquk

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL