General
Target: b0f34e6d095cf54df8c7551443541824
Size: 1.2MB
Sample: 240304-chsspsfg58
MD5: b0f34e6d095cf54df8c7551443541824
SHA1: 5acb9ead5daeb93fd0fa3fdb3f5b36552c3437b4
SHA256: 8d6ceb54bdbe22963289973d96475e5ed61d0693d08f80480b5478c5353a98df
SHA512: 0eaf4744ab1fd3929679dc8462baf8cb957c3cf9951530c056b6460be7209f13fdaf2ebd14ba4f7ded5871a1d2c9cbcdd0885e4b5ccc2c18e71055b795cebfaf
SSDEEP: 24576:z7WMnjoBal9R9sr/aWMHnRV/VVTFtC9gw5tW3TOuHuWF0ZoFq0gW:3RNnRjWMxHVO6n3iZoso
Static task: static1
Behavioral task: behavioral1
Sample: b0f34e6d095cf54df8c7551443541824.exe
Resource: win7-20240221-en
Malware Config
Extracted: redline
2
fiamedanes.xyz:80
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext