General
Target: d89a39d0a639ab1ddb5326ce483c9629597e4a0ff9e86e2f9f5e02736b35c138
Size: 458KB
Sample: 240417-q18tjabg5y
MD5: 7d18993427b7a8978b9620fcbe118b81
SHA1: f6c78d3365fc5279b64cc534dd98cab8db9c0810
SHA256: d89a39d0a639ab1ddb5326ce483c9629597e4a0ff9e86e2f9f5e02736b35c138
SHA512: 50c2ef484de213fb0ba19320958fcc581897bfd64dd776c08b4388c887912002671af6b668303a8a62f239a599fc830d91f13f6f846a530ad49c30e6cfc89e34
SSDEEP: 12288:KBUJNnux9DYXjX7FQOjZNhvKtUnn+/JbDL/Cq:KBUHnux9DORjZDvKmnnqRDL3
Static task: static1
Behavioral task: behavioral1
Sample: b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe
Resource: win7-20240215-en
Malware Config
Extracted
redline
cheat
185.222.58.244:55615
Targets
Target: b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c.exe
Size: 477KB
MD5: 7fb7ac175a0a249e320a5a296f4c2cd6
SHA1: 8bdafce0468d3dc91f1b4000b2f289254ab1c0a4
SHA256: b582fac0b16e16390868882590ac8d81dc00ecd845bffa59a478baa11573617c
SHA512: 456fa03a75c07f6152d332ce652cd076bb35544674f385860e99143c8f5c05bcc6c3de3abccb2fdc900fc22017e14cb7498efa6cdf46a61839d85aad4b3e7395
SSDEEP: 12288:tXDZJb2c3l3MZ10ZVS3nwn3wzvqu5/WORM0a5WUkR:tXDGc3l3K0S30wziWWORMsT
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
Suspicious use of SetThreadContext