General
- Target: EmNpZQKFsjAgeAss.exe
- Size: 502KB
- Sample: 230412-25qpashd4x
- MD5: da3491ec1082ea275af89ded590fedbc
- SHA1: af5a582a513f3b0c727551d5a1646b8b3f14bf2f
- SHA256: 1b33ac622d65ce8b666f4ed01549eaec45ee0b43242c073cf890bc6df61459e5
- SHA512: 67e8f450a0360a1aff737278c25fec3bf6ae485d813ba3bc3c311f6940d0754c88fb7818e556c44b4265dd436a3fbc4616882836003e6ef05c49117c54cd7766
- SSDEEP: 6144:i+B9OckfNSJuQQdrpFgi+OP1xN/R+5+59IYMbBmka/go6UhcX7elbKTu19bfF/Ho:i+nOcENSkQJi/N/RWw9vlkjo63X3uz
Static task
- static1
Behavioral task
- behavioral1
- Sample: EmNpZQKFsjAgeAss.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- Family: redline
- Botnet: cheat
- C2: 127.0.0.1:15235
Targets
- Target: EmNpZQKFsjAgeAss.exe (502KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Suspicious use of SetThreadContext