General
- Target: 74e9e75ac1a13c0b228581c7d81ec2cc
- Size: 2.3MB
- Sample: 231226-rkw1gadhcm
- MD5: 74e9e75ac1a13c0b228581c7d81ec2cc
- SHA1: 730c2a7a8d6e4b310ad8dab1e41698d839770071
- SHA256: 402ae20b6a6fe9aba08d29b69a517c400bb18353379d25d232cb86ba11788c0f
- SHA512: 469a6f9e8e6d3dd1c43f13fb809decb573f6567f25fcb256efcb98f10ddb8f2a112584620037dc0aa0d7e5e5a84cc4a9b30c6de4d0fe331fd08f33ca237f17bf
- SSDEEP: 49152:D5+hFGERYyZIPZwPf+DLwa7OMxqr9gRtUWxWN6w3XPhe88xiz8lVHTIioOFZQ+5:D5aFGEVIPZKf+/lXqrUtU4wvhe88xiqb
- Static task: static1
- Behavioral task: behavioral1
- Sample: 74e9e75ac1a13c0b228581c7d81ec2cc.exe
- Resource: win7-20231215-en
Malware Config
- Extracted: redline
- @un6329
- xetadycami.xyz:80
Targets
- Target: 74e9e75ac1a13c0b228581c7d81ec2cc
- Size: 2.3MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL