General
Target: 5bfda514826e4aad6f860d4a855f6ebb
Size: 1.1MB
Sample: 240115-ds2c9sgdaj
MD5: 5bfda514826e4aad6f860d4a855f6ebb
SHA1: 46c9fb3c70fa458f5af1b6238fbb92492dea91b5
SHA256: d38fb3d87631e08a1988115b93b84edd25b2c0353f59397af88440fef5844048
SHA512: 7e82c546be3c40155948cd7f39e79900dd45a3dce55d8cf35556d4ad7653744fcff7523395ee11d36af755e3ba60e72600113b17b842e5c527fdbdad52977368
SSDEEP: 24576:ZSLXnYt0osqcFIj/qpXUHccGMR1/Mih+bTnFYL1pFYwkF5RDgh8n9:io+qAY/qpE8+D/MimrFYRorFfg29
Static task: static1
Behavioral task: behavioral1
Sample: 5bfda514826e4aad6f860d4a855f6ebb.exe
Resource: win7-20231215-en

Malware Config
Extracted family: redline
Botnet: sonia
C2: 94.103.82.22:49018
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext