General
- Target: 93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032.zip
- Size: 7.5MB
- Sample: 230328-kt2trabg4y
- MD5: 71dc384f1862027b410a30c12c076242
- SHA1: 53e16533e924f19be7ebb55e66ceb29538e06ec8
- SHA256: bf82785d05512cf87b68786d825bb01052fb28f7feb2d71a78f55728785e9481
- SHA512: 59614315c1dd357ba521378902e9d57bc1ad4c01de248cd3d1689a6039d6ebbfce634d90d116e76e7a7af93a7d663d0dd745dad5045bc9864f32a3b8f8424b2f
- SSDEEP: 196608:4TdoAiBTz+V38DUK0cwQdCQ0vt8TSbWDHJLzLjp4aX+:u0dz+b3QIZvLSJz6au
Static task: static1
Behavioral task: behavioral1
- Sample: 93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- cheat
- 127.0.0.1:1639
Targets
- Target: 93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032
  - Size: 7.5MB
  - MD5: 99dd387a62cb879c2aba502e556a6c93
  - SHA1: 67ec4c2873787998a05ee62751384eb1a9b8a677
  - SHA256: 93acd7f68e3f777d29f7f30b922da99fdaeaf71208378604b4c1d28bdfc1a032
  - SHA512: 48e3a912e03e633375b4a1372e951aa7c2348f29a420bba1a5df354d8c26415b6bbbbea5707008d72dfd087a87d19996ec58b394c413ffdb296b1a8ec592b09d
  - SSDEEP: 196608:G+QDCeRpnhgR/BQ+/Svwj47kuTkGfxDlDl:n6MQ+/SvwOvY4
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.