General
Target: 1637661fced5903b3db6ad8f4633a729
Size: 1.0MB
Sample: 231230-mq1tdsbcgq
MD5: 1637661fced5903b3db6ad8f4633a729
SHA1: 877feda7fc9bcf645efb7c58382e8c398e7b4f9e
SHA256: 634206b8256faa12b0664ad3b1fb101d26d884d761688193fee177ce8ed48723
SHA512: 138c7ff28b0dab1ac095a9eded3684b68eaabdcba18f8fc860bfabab562ca5b4358aaf75a6d0644a44d440fab5a84d58eeaa813c8b2395074821635911736593
SSDEEP: 24576:rSLXjRGOsO3AhBe1Qnh0aZP000Ibavym04b+Jimrn+0MwduFMMh9I/T6:EzRGOsO3AhBe1zaN00qy7HQmrn+lrFy6
Static task: static1
Behavioral task: behavioral1
Sample: 1637661fced5903b3db6ad8f4633a729.exe
Resource: win7-20231215-en
Malware Config
Extracted: redline
Straight
2.56.59.35:43636
Targets
Target: 1637661fced5903b3db6ad8f4633a729
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext