General
-
Target
73901a3bec1e7ba97a29bbfd7f76e4488df4c273ea6bdfe5e1e6e0b6e016ae55
-
Size
708KB
-
Sample
240417-qgcxragh39
-
MD5
10587ebd0e94068d9ee2144a50054c31
-
SHA1
8d0ce72c6a598f6c9397a085c3bc792a3cb05bb2
-
SHA256
73901a3bec1e7ba97a29bbfd7f76e4488df4c273ea6bdfe5e1e6e0b6e016ae55
-
SHA512
1f1a93785f5ea78c88071963462fd4e771e1c1ea89e0d9be68bd126a15f1781640bd13afaca2a60d334f6aedf7fbcf3b54cae7eae5d30a4935865e79f9654aa3
-
SSDEEP
12288:z1cBwg9Tu1cbA9xxf+d7hueXo6LtnZHTBBAV36kubdaEi93gvUXLvyyaa4I+z1aO:0z9TSPJ+d7huOznZHfe6kgQEhS61I+zh
Static task
static1
Behavioral task
behavioral1
Sample
c26bd0f7c7c00b7cbe2545cf2f9240020f9498928f96091da19e1af943ac837b.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
cheat
185.222.58.253:55615
Targets
-
-
Target
c26bd0f7c7c00b7cbe2545cf2f9240020f9498928f96091da19e1af943ac837b.exe
-
Size
812KB
-
MD5
5c78467103a9fb1d14d55ec3b57e740f
-
SHA1
9f6805487a9a67f77e8cae1098ff9e8d24740917
-
SHA256
c26bd0f7c7c00b7cbe2545cf2f9240020f9498928f96091da19e1af943ac837b
-
SHA512
5c460ac6c28a874abb9f91e960eca2c7992372e0930dd12f2f44b18bc7e177ffd00b16f26d1a92680c21af2ebae514bfb51fd4f1ff061ed4340ac062129cd299
-
SSDEEP
12288:bxjrr7F5qfMs8WdGk+08n4sHWihcNm2F0WRSl8CRHQSv+bEIFjJxw6ZqIZsCh0N:bxLsMs8WdZ789WN3F0KuQUQXXZl9w
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-