General
-
Target
a84dc4822dcdf62bb8a2e6f61a33a25d
-
Size
876KB
-
Sample
240227-fx9xbahe7z
-
MD5
a84dc4822dcdf62bb8a2e6f61a33a25d
-
SHA1
e06315dd173c88c04be76f463e177e771e451830
-
SHA256
abca859951c7af8cfda8687a22f911d82f132085b4a3a638a0ec06d945143af2
-
SHA512
f546c2415bf33b1bfccd67e8e253228708be4063915b3aba9a7f1d97b76f5a9fb53c1288f42a0c6be7bb5ab975f2516d4108c9cfb7e3549d22909c53fd33df25
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
Static task
static1
Behavioral task
behavioral1
Sample
a84dc4822dcdf62bb8a2e6f61a33a25d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a84dc4822dcdf62bb8a2e6f61a33a25d.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
Build2_Mastif
95.181.157.69:8552
Targets
-
-
Target
a84dc4822dcdf62bb8a2e6f61a33a25d
-
Size
876KB
-
MD5
a84dc4822dcdf62bb8a2e6f61a33a25d
-
SHA1
e06315dd173c88c04be76f463e177e771e451830
-
SHA256
abca859951c7af8cfda8687a22f911d82f132085b4a3a638a0ec06d945143af2
-
SHA512
f546c2415bf33b1bfccd67e8e253228708be4063915b3aba9a7f1d97b76f5a9fb53c1288f42a0c6be7bb5ab975f2516d4108c9cfb7e3549d22909c53fd33df25
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-