General
Target: 11c44321c1149eb15ddc7b239bde11ca8f707b016590337930abe57c993a814b
Size: 727KB
Sample: 240417-rjbm5sbc86
MD5: 2bd4e34f76a1978948fd0cd5c7f20f1d
SHA1: 1234c872c5b7aff3bc247ecbb9a8988eaab99acb
SHA256: 11c44321c1149eb15ddc7b239bde11ca8f707b016590337930abe57c993a814b
SHA512: 47f4996a1a6f3d2d460bb28dc1a21c86aa22981565a6ac8484aa5fc47b0126dc525fa690c31e7632fec27acb69fee5468060cc535cf1f734e83d58f0c4c952be
SSDEEP: 12288:Iw2jAnB5myrkYAkE/vYX1u5aXzRlHWKa7zGGvX94NsADJuPNyCelRdqAiY:52EnWhe00Xrzmzjf4NMyCeEY
Static task: static1
Behavioral task: behavioral1
Sample: 42e3d565eda0f71ab0fee6bd5af9a9ebb93014f83071c61c790b50dc7097aa26.exe
Resource: win7-20240221-en
Malware Config
Extracted
redline
cheat
45.137.22.156:55615
Targets
Target: 42e3d565eda0f71ab0fee6bd5af9a9ebb93014f83071c61c790b50dc7097aa26.exe
Size: 832KB
MD5: 87b46d387df52e0f8f206828f55474f8
SHA1: 12db5c826eae1acfcf27a13cbc81730f12505e97
SHA256: 42e3d565eda0f71ab0fee6bd5af9a9ebb93014f83071c61c790b50dc7097aa26
SHA512: 9bb7912f569262565789b0142b426441f6f439f42fa7500c1e9f644b4342a6f92a4eb1076600038f17075e09159e1ad85e704aca4d165da18cacc6817e2ed3e7
SSDEEP: 24576:bxLsMs8WdZ7837dpyD2SYKbbujX5HwZRRLbtQeI8WV:Jsldm3h5S4jJHYRLbtQMWV
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext