General
Target: 2b05bd5f01ec91055ec3235fe0308758
Size: 1.2 MB
Sample: 231231-grcv3abcek
MD5: 2b05bd5f01ec91055ec3235fe0308758
SHA1: 8fed0199247388c88870e20b15581353f7dc2ba9
SHA256: 98012c9a8fe074b5514953c7cf7d70047a44bec639dda73d39d67283897465fb
SHA512: b7e14c8406fd09cddab6cb06bdf72f5ba91c1bf9ad8e546198ce937da7554efe64ce43b1e7ba7da0487a2ba462de8be18cf68f712383a443ec733d599a354646
SSDEEP: 24576:+SLXMkT/pY/feR4IQfPsNTpNOC4r2U+73ux3Sa:t8kBY/M+8N3adMU3Sa
Static task: static1
Behavioral task: behavioral1
Sample: 2b05bd5f01ec91055ec3235fe0308758.exe
Resource: win7-20231215-en
Malware Config
Extracted: redline
Botnet ID: 12
C2: 185.92.74.32:80
(The page carried these two values without their field labels; in a RedLine configuration the numeric tag is the botnet/campaign ID and the host:port pair is the C2 endpoint. Plain HTTP on port 80 is the value to block and hunt for.)
Targets
- Target: 2b05bd5f01ec91055ec3235fe0308758 (same file as in General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload (both .NET family rules matched; sandboxes commonly co-tag these two families, and the extracted RedLine configuration with a live C2 is the stronger attribution)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (a sample that refuses to run in certain locales can show little behaviour in a sandbox located in an excluded region).
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext: redirecting a thread's context is the step in process hollowing and thread injection where a suspended target thread is pointed at injected code. Together with the dropped EXE and the self-deletion, this suggests the 1.2 MB file is a loader, so the artifact left on a host may be the dropped payload rather than the hash listed above.
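To turn the report into a hunt, here is an added example (not part of the sandbox report) that computes the same four digests the General section lists for a file's bytes and sweeps log lines for those hash values and for the extracted C2 endpoint. The hashes and 185.92.74.32:80 are copied from the report; the log format, hostnames and paths are constructed for illustration, and the hunt deliberately also flags the C2 host on a different port, since a host match alone is worth a look.

```python
"""IOC sweep built from the indicators in this report.

Added example, not part of the sandbox report. Hash values and the C2
endpoint are copied from the report; everything else (log format, hosts,
paths) is constructed for illustration.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Indicators copied from the report's General and Malware Config sections.
REPORT_HASHES: Dict[str, str] = {
    "md5": "2b05bd5f01ec91055ec3235fe0308758",
    "sha1": "8fed0199247388c88870e20b15581353f7dc2ba9",
    "sha256": "98012c9a8fe074b5514953c7cf7d70047a44bec639dda73d39d67283897465fb",
    "sha512": "b7e14c8406fd09cddab6cb06bdf72f5ba91c1bf9ad8e546198ce937da7554efe"
              "64ce43b1e7ba7da0487a2ba462de8be18cf68f712383a443ec733d599a354646",
}
C2_HOST = "185.92.74.32"
C2_PORT = 80

# A run of 32..128 hex digits bounded by non-word characters: MD5 through SHA-512.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,128}\b")
# The C2 host, not as part of a longer dotted quad (185.92.74.321 must not match).
IP_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])")


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, over a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(hashes: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the report's value (empty if none)."""
    return [alg for alg, value in REPORT_HASHES.items()
            if hashes.get(alg, "").lower() == value]


def c2_port_in(line: str) -> Tuple[bool, Optional[int]]:
    """(host seen?, destination port) for the report's C2 host in one log line.

    Accepts 'host:port' directly after the address or a later dport=/dst_port=
    field (constructed log conventions); any other layout yields port None.
    """
    m = IP_RE.search(line)
    if not m:
        return False, None
    tail = line[m.end():]
    pm = (re.match(r":(\d{1,5})\b", tail)
          or re.search(r"\b(?:dport|dst_port)\s*=\s*(\d{1,5})\b", tail))
    return True, (int(pm.group(1)) if pm else None)


def scan_log_lines(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line number, kind, value) hits for report hashes and the C2 endpoint."""
    known = set(REPORT_HASHES.values())
    hits: List[Tuple[int, str, str]] = []
    for n, line in enumerate(lines, 1):
        for digest in HEX_RE.findall(line):
            if digest.lower() in known:
                hits.append((n, "hash", digest.lower()))
        seen, port = c2_port_in(line)
        if seen:
            # Exact host:port is the extracted C2; the host on another port is
            # still reported, as a lower-confidence "c2-host" hit.
            kind = "c2" if port == C2_PORT else "c2-host"
            hits.append((n, kind, f"{C2_HOST}:{port if port is not None else '?'}"))
    return hits


# Constructed log lines (not real telemetry) in an EDR / proxy / firewall style.
SAMPLE_LOGS = [
    r"2023-12-31T10:01:12Z edr host=WS-07 event=file_create path=C:\Users\a\Downloads\setup.exe "
    "sha256=98012c9a8fe074b5514953c7cf7d70047a44bec639dda73d39d67283897465fb",
    "2023-12-31T10:01:15Z proxy src=10.0.0.23 dst=185.92.74.32:80 method=POST uri=/ bytes=2048",
    "2023-12-31T10:02:00Z proxy src=10.0.0.24 dst=185.92.74.3:80 method=GET uri=/index.html",
    r"2023-12-31T10:02:30Z edr host=WS-08 event=file_create path=C:\tools\ok.exe "
    "md5=d41d8cd98f00b204e9800998ecf8427e",
    "2023-12-31T10:03:00Z fw action=allow src=10.0.0.23 dst_ip=185.92.74.32 dst_port=80",
    "2023-12-31T10:04:00Z fw action=allow src=10.0.0.25 dst_ip=185.92.74.32 dst_port=443",
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOGS):
        print(hit)
```

On the constructed lines this yields one hash hit (the SHA256 on line 1), two exact C2 hits (lines 2 and 5, one in host:port form and one with a separate dst_port field), and one host-only hit on port 443 (line 6); the near-miss address 185.92.74.3 on line 3 and the unrelated MD5 on line 4 are correctly ignored. For a real sweep, replace SAMPLE_LOGS with your proxy, firewall and EDR exports and feed file bytes to file_hashes to confirm a suspected copy of the sample.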