General
-
Target
Dijklander Hospital sheet for an allergic client.scr
-
Size
28.2MB
-
Sample
230723-jqd3vade92
-
MD5
78f02208b1ad70823473c716793549f6
-
SHA1
bffcebdb85df033df1f4101e482a8b506e8b5f5d
-
SHA256
594c356abf2b649f2df38a25ca6f3d43b43e842644ce90e3417ee0233a1d8a0c
-
SHA512
af3dd5fc70255d83d09a3c1fdc05f96f0fe990dbc63c9c3462a033f834714b204e10bd77d677d16b78daef885171e8ea1aee757594f2504914a552f946b0e09c
-
SSDEEP
196608:lxKGTSlTrIov0ZR+2DUoeVkHe0sUBF0zi9iM4TE2Do+61VPZuagcN:ljTPoviTzeu+0sLziL4Rkr1VPZ9nN
Malware Config
Extracted
redline
cvc3000605
5.42.64.53:22314
-
auth_value
1f284170dcea3a1083bac60eb1d3e05f
Targets
-
-
Target
Dijklander Hospital sheet for an allergic client.scr
-
Size
28.2MB
-
MD5
78f02208b1ad70823473c716793549f6
-
SHA1
bffcebdb85df033df1f4101e482a8b506e8b5f5d
-
SHA256
594c356abf2b649f2df38a25ca6f3d43b43e842644ce90e3417ee0233a1d8a0c
-
SHA512
af3dd5fc70255d83d09a3c1fdc05f96f0fe990dbc63c9c3462a033f834714b204e10bd77d677d16b78daef885171e8ea1aee757594f2504914a552f946b0e09c
-
SSDEEP
196608:lxKGTSlTrIov0ZR+2DUoeVkHe0sUBF0zi9iM4TE2Do+61VPZuagcN:ljTPoviTzeu+0sLziL4Rkr1VPZ9nN
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-