General
- Target: 9747743518.zip
- Size: 101KB
- Sample: 230328-px215sba93
- MD5: 8d9d78cd1339e5b75f03060b04d508fe
- SHA1: c4decad31ff32824b18c87b33c069b16568303ab
- SHA256: 55deb19da531e80ad41f3a41a1d9bd0d47ad1d6f9451a599008b388d5c145d84
- SHA512: d17a550252fbb30f1064b9ba14349232b967cef858b98371ee0d517b320a9f1fda897ca583dc34de7909b736c25cae6749cbfce129e3d7325d00b5ccdc680518
- SSDEEP: 3072:Q2OW0hz0KxFDvZ9vVWizdlsANeyeViSryLh:Q2OeyFDLdWEswKrgh
Static task: static1

Behavioral task: behavioral1
- Sample: f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e.exe
- Resource: win7-20230220-en

Malware Config
Extracted
- Family: redline
- cheat
- C2: adm1234.duckdns.org:20603
Targets
- Target: f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
- Size: 117KB
- MD5: b63f8266a958beb581b25b95a6b54040
- SHA1: fb1193a13211cc4677e41417addf4f8fc3de9049
- SHA256: f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
- SHA512: d8525b12347c9fea9320134f672ff3e40d1bd091a2cd004ac06c11236da9a43de0e1e657711bd06e01dc49d9f0b8c8f3ea8ff6869a2cd4e3a09a6866ebd30821
- SSDEEP: 3072:lnRIZA8/VwWYwXMYiG1IibG3gZ+e4j1FyYHVo17:lnuASw2NpbT807
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Executes dropped EXE
- Suspicious use of SetThreadContext