General
Target: Order_confirmation#278367.exe
Size: 117KB
Sample: 230401-hn7rpshh41
MD5: b63f8266a958beb581b25b95a6b54040
SHA1: fb1193a13211cc4677e41417addf4f8fc3de9049
SHA256: f1293c371b785607051301ef4c0f8bfe0c34421539660c049b580ca9a2456d6e
SHA512: d8525b12347c9fea9320134f672ff3e40d1bd091a2cd004ac06c11236da9a43de0e1e657711bd06e01dc49d9f0b8c8f3ea8ff6869a2cd4e3a09a6866ebd30821
SSDEEP: 3072:lnRIZA8/VwWYwXMYiG1IibG3gZ+e4j1FyYHVo17:lnuASw2NpbT807

Static task: static1
Behavioral task: behavioral1
Sample: Order_confirmation#278367.exe
Resource: win7-20230220-en

Malware Config
Extracted:
- redline
- cheat
- adm1234.duckdns.org:20603
Targets
Target: Order_confirmation#278367.exe (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Executes dropped EXE
- Suspicious use of SetThreadContext