General
Target: CoreNixWindows.zip
Size: 173.7MB
Sample: 230331-b5cjkahe9v
MD5: 9c7c9c9a9853b2aa329883dbe88aaefb
SHA1: 6abb039e391bda0261ca94dd94c86ef7b90bdf18
SHA256: 23ef5553e4d340ec31e522137c5e3c3beb1592047b9bf1976ab7ef548f6947db
SHA512: fde78005f87de85506dfe0e9c447b09d1d6927024c3a6cfd53b5eff77f94870b20b5e894855b8731da81a09887085f51ba780b914775cba4d23bee7ca99f25f6
SSDEEP: 3145728:ws0p86g6SiSu4UqfjJt4LoGT9mAqygc6nfsNbPM0cJN8haTIpb:70pU6JSuIrJtoT9mJVgk0cf6Ppb
Behavioral task: behavioral1
Sample: CoreNixWindows.zip
Resource: win7-20230220-es
Malware Config
Targets
Target: CoreNixWindows.zip
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE