General

Target: 545e929d4444c8b17f5a1f5a08efc088.exe
Size: 662KB
Sample: 240111-y1cebsffbl
MD5: 545e929d4444c8b17f5a1f5a08efc088
SHA1: 57f6234b23349f4470693c772e1a3b3673109d8f
SHA256: 6508c95b3207397a7bae85d516d87267e8789428f06e743618310e1cddef6f4b
SHA512: 84501c2f9759c75366a0d6e63362244602bf8cdf9b80a4ea67a3c63197e7899380e0ac33fdf19f6966ae56468419218ff6ce59585507bf524835fcd45a09a03f
SSDEEP: 12288:WqDLhsTt4fsSR036C5zpWl9ZY1gbH7QBcEolPwiIPH2:WqDLhSt4fsSRA6C5lWl9Zogj7QBcEolp
Static task: static1

Behavioral task: behavioral1
Sample: 545e929d4444c8b17f5a1f5a08efc088.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 545e929d4444c8b17f5a1f5a08efc088.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
redline
1853653057
185.250.206.122:43180
Targets

Target: 545e929d4444c8b17f5a1f5a08efc088.exe
Size: 662KB
MD5: 545e929d4444c8b17f5a1f5a08efc088
SHA1: 57f6234b23349f4470693c772e1a3b3673109d8f
SHA256: 6508c95b3207397a7bae85d516d87267e8789428f06e743618310e1cddef6f4b
SHA512: 84501c2f9759c75366a0d6e63362244602bf8cdf9b80a4ea67a3c63197e7899380e0ac33fdf19f6966ae56468419218ff6ce59585507bf524835fcd45a09a03f
SSDEEP: 12288:WqDLhsTt4fsSR036C5zpWl9ZY1gbH7QBcEolPwiIPH2:WqDLhSt4fsSRA6C5lWl9Zogj7QBcEolp
- Detect ZGRat V1
- Modifies WinLogon for persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Suspicious use of SetThreadContext
-