General
-
Target
3c8b1370b4a8b66294bc9e21f3fb78af1e14f843aec8611add16c700f9401005
-
Size
708KB
-
Sample
240417-qhfp2agh87
-
MD5
999060ef85877dc5a81f2c46f94cdbd3
-
SHA1
efc992c923f73f393d94cc493c3d289e225102d1
-
SHA256
3c8b1370b4a8b66294bc9e21f3fb78af1e14f843aec8611add16c700f9401005
-
SHA512
9c32fefe4677cf48092ea3a853fb3bea18ca86d4a5c1e5d599942a01da2b6b3251055648c6950070eab476dadf72b881feab78ee948d429e93974f0cf513ca16
-
SSDEEP
12288:cD6hM7j8piGwdNCfkfByyPkX2a/7+RJaZDlWbJaNM4koK4VTu9gD6wmMA0lgSdtT:tvpiTg8NkGaaiAtjPO1Fmb0lBdtT
Static task
static1
Behavioral task
behavioral1
Sample
c26bd0f7c7c00b7cbe2545cf2f9240020f9498928f96091da19e1af943ac837b.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
cheat
185.222.58.253:55615
Targets
-
-
Target
c26bd0f7c7c00b7cbe2545cf2f9240020f9498928f96091da19e1af943ac837b.exe
-
Size
812KB
-
MD5
5c78467103a9fb1d14d55ec3b57e740f
-
SHA1
9f6805487a9a67f77e8cae1098ff9e8d24740917
-
SHA256
c26bd0f7c7c00b7cbe2545cf2f9240020f9498928f96091da19e1af943ac837b
-
SHA512
5c460ac6c28a874abb9f91e960eca2c7992372e0930dd12f2f44b18bc7e177ffd00b16f26d1a92680c21af2ebae514bfb51fd4f1ff061ed4340ac062129cd299
-
SSDEEP
12288:bxjrr7F5qfMs8WdGk+08n4sHWihcNm2F0WRSl8CRHQSv+bEIFjJxw6ZqIZsCh0N:bxLsMs8WdZ789WN3F0KuQUQXXZl9w
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-