General
-
Target
c6a8f3d39b2490346ec60813a441e1d6
-
Size
876KB
-
Sample
240313-xxfrxafd33
-
MD5
c6a8f3d39b2490346ec60813a441e1d6
-
SHA1
c66ed4bf05e754119a63d3d161d90b5af00224de
-
SHA256
cee2541ee22b95d488c239a3926b43d750988b246e00740d283d5f892f9939e3
-
SHA512
dacb10721f50d7e002bb1a0a7e9f7af2ad722775f506cf9732bacef6615e203a03c8d8a5c8fbb2773e11d5f6a7177d1072a191b707ef00600543f8262929b5d2
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
Static task
static1
Behavioral task
behavioral1
Sample
c6a8f3d39b2490346ec60813a441e1d6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c6a8f3d39b2490346ec60813a441e1d6.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
Build2_Mastif
95.181.157.69:8552
Targets
-
-
Target
c6a8f3d39b2490346ec60813a441e1d6
-
Size
876KB
-
MD5
c6a8f3d39b2490346ec60813a441e1d6
-
SHA1
c66ed4bf05e754119a63d3d161d90b5af00224de
-
SHA256
cee2541ee22b95d488c239a3926b43d750988b246e00740d283d5f892f9939e3
-
SHA512
dacb10721f50d7e002bb1a0a7e9f7af2ad722775f506cf9732bacef6615e203a03c8d8a5c8fbb2773e11d5f6a7177d1072a191b707ef00600543f8262929b5d2
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-