General
-
Target
12ffa1176b818fa9f207f35ee65fb78c
-
Size
876KB
-
Sample
231230-jz3skaacg2
-
MD5
12ffa1176b818fa9f207f35ee65fb78c
-
SHA1
f94354dab1f9b9bc3cd2b9fe5ac58bdd455b29e8
-
SHA256
87b99b98b8ad4340eb617be1a91a09995f3d878f8b9b4a6e613593db894419cd
-
SHA512
f412968e059d18f3dbaf1e7d77f08e993e967b97e4edd72713142b6576d053dfbd241378b6ec5ffa8f3930b9d2f48ff9806c56ae2e5aa37c330cca2510ac55e0
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
Static task
static1
Behavioral task
behavioral1
Sample
12ffa1176b818fa9f207f35ee65fb78c.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
12ffa1176b818fa9f207f35ee65fb78c.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
redline
Build2_Mastif
95.181.157.69:8552
Targets
-
-
Target
12ffa1176b818fa9f207f35ee65fb78c
-
Size
876KB
-
MD5
12ffa1176b818fa9f207f35ee65fb78c
-
SHA1
f94354dab1f9b9bc3cd2b9fe5ac58bdd455b29e8
-
SHA256
87b99b98b8ad4340eb617be1a91a09995f3d878f8b9b4a6e613593db894419cd
-
SHA512
f412968e059d18f3dbaf1e7d77f08e993e967b97e4edd72713142b6576d053dfbd241378b6ec5ffa8f3930b9d2f48ff9806c56ae2e5aa37c330cca2510ac55e0
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-