General
- Target: 5738d596be68071de7786712b5410024
- Size: 2.3MB
- Sample: 240112-xfn2ysdefp
- MD5: 5738d596be68071de7786712b5410024
- SHA1: 6245023401af7c614e5dcb61d657f41c17233ccd
- SHA256: 03469423c7c63f0144fc8e3135db3efd65f0a15bbc80c374236792f820633310
- SHA512: 93e08c9d3c194f4fa290113eb9bae836b79f512ae2b8a0c68430c3acd4ac170d1f6d47b2ff3ce0d673651afed388ad8206acd9856122b7d95972e8c9827d2668
- SSDEEP: 49152:hYVPdezBnlW4Es4e3yIvLb59ou2cfJ6xiz8lVHTIioOFZQ+y:hkQlQ4tTP7xJ6xiqZ7y
Static task: static1
Behavioral task: behavioral1
- Sample: 5738d596be68071de7786712b5410024.exe
- Resource: win7-20231215-en
Malware Config
Extracted: redline
- @janhidf
- 45.14.12.90:52072
Targets
- Target: 5738d596be68071de7786712b5410024
- Size: 2.3MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL