General
- Target: S500 RAT.zip
- Size: 41.6MB
- Sample: 230928-rx2fqadd68
- MD5: e965e26a748de8e772762b990e8b2444
- SHA1: 14d59ba82a1864ddcd702833eaa5fda25fc6cde5
- SHA256: 2100b0587c37d38428aafa6e17696ac99f86d57bef16c97d484f51ae54cb440f
- SHA512: 4962fc8b46ff66f28e2482fb367494868f770317e0f720a3b65b5602df481048f3ca3380c7318cbe8a4db4505f08e30209b319a4ea8f84b3c6df66001b748969
- SSDEEP: 786432:LhX8h0I2ufN4fDbjQl7oGfjTKuLfGLaHJh1PRyU41LsoGFl5/7l+7E+:mhPfNWbUl7oGrhhn1ZMCt5Dl3+
Behavioral task
- behavioral1
  - Sample: S500 RAT.zip
  - Resource: win10v2004-20230915-en

Malware Config
- Extracted: https://pastebin.com/raw/p2s7tDSd
Targets
- Target: S500 RAT.zip
- Size: 41.6MB
- Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext