General

Target: aeb176b163abebf2091d26f1ded5b3278643b0aa41b8d877f2e9b05045ad9eaa
Size: 727KB
Sample: 240417-rjgjdsbc95
MD5: 5b18fc7e1214ddcb0fcb357ace95fafe
SHA1: 7fb4f58f096b41cdcf9b2235cf22519b918c5fc9
SHA256: aeb176b163abebf2091d26f1ded5b3278643b0aa41b8d877f2e9b05045ad9eaa
SHA512: e3781fb30dfefe1933820ebb5e5ad42e56608953d9947192c3dfefef01064a00eaf9ff5d1d04474443e03aabce2dc3f27b4b679bb5834c790381d54a69f6ec62
SSDEEP: 12288:R08SSSEDcXuHafEINKBG5nHyjA9GT0ZPr//vKnpPsv+fAOIPoEzwkBt:RhSSSJXu6fEwQ0nEav6pPe+f1Q0Yt
Static task: static1
Behavioral task: behavioral1
Sample: 08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2.exe
Resource: win7-20231129-en
Malware Config

Extracted
Family: redline
Botnet: cheat
C2: 185.222.58.81:55615
Targets

Target: 08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2.exe
Size: 832KB
MD5: 5012f29780880ad288bf842c576af67a
SHA1: 2b36ea8fe138b32533bce35d8b2e0042e61e055b
SHA256: 08f5c3a955867e25c57530a0a18e6b32d32da0426bc8693c6776e1f6bdab36e2
SHA512: 414fd70c613ce5a5af2ce8dbe965d412b5b4f816ba3c0a96c1964f7906a236310d64bcd53ab44949f4ca72953d36bed4d405db4d2f98fc96875d09858e199ec3
SSDEEP: 24576:bxLsMs8WdZ789WO7Xw6Ez4hHkpXqxB2lCyHIN:Jsldm9WOcsSpar2lFIN
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as a commodity info-stealer and collects browser credentials, cookies, cryptocurrency wallet data and host information, which it sends to the C2 in its embedded configuration (here 185.222.58.81:55615).
- RedLine payload
- SectopRAT payload
- Checks computer location settings
  Looks up the country code configured in the registry (Windows keeps the user's GeoID and locale under HKCU\Control Panel\International), most likely a geofence that decides whether the stealer runs on this host.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
  Calling SetThreadContext on another process's thread is the step in process hollowing that redirects a suspended child to injected code before it is resumed. On its own it is only a heuristic (debuggers and some runtimes use it too), so read it together with the dropped-EXE and injection activity above.
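The three behaviours the report flags (the registry geofence lookup, the SetThreadContext hollowing chain and the connection to the extracted C2) can be expressed as small detection rules over an API-call trace. The following is an added example, not part of this report and not Triage's own signature code: the trace format (`pid|api|key=value,...`), every sample line, and the list of locale value names a geofence might read are constructed for illustration; the registry path HKCU\Control Panel\International\Geo\Nation and the CREATE_SUSPENDED flag value 0x4 are as documented by Microsoft.

```python
"""
Added example (not part of the Triage report): toy re-implementation of the
three behaviours the report flags as detection rules over a constructed
API-call trace. Trace format and all sample lines are constructed.
"""
from collections import defaultdict

# Constructed trace in the shape a sandbox API monitor might emit.
# pid 1234 = the dropped loader, pid 5678 = its hollowed child, pid 9999 = noise.
TRACE = """\
1234|RegOpenKeyExW|key=HKCU\\Control Panel\\International\\Geo
1234|RegQueryValueExW|key=HKCU\\Control Panel\\International\\Geo,value=Nation
1234|CreateProcessW|image=C:\\Users\\user\\AppData\\Local\\Temp\\payload.exe,flags=0x4,child=5678
1234|NtUnmapViewOfSection|target=5678
1234|WriteProcessMemory|target=5678,size=0x2c000
1234|SetThreadContext|target=5678
1234|ResumeThread|target=5678
5678|connect|addr=185.222.58.81,port=55615
9999|RegQueryValueExW|key=HKCU\\Software\\Foo,value=Bar
9999|SetThreadContext|target=9999
"""


def parse_trace(text):
    """Turn 'pid|api|k=v,k=v' lines into dicts; values stay as strings."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("|", 2)
        kv = {}
        for part in args.split(","):
            key, _, value = part.partition("=")
            kv[key] = value
        events.append({"pid": int(pid), "api": api, **kv})
    return events


# Geofence: registry reads of the configured country/locale.
GEO_KEY = "control panel\\international"          # documented Windows location
GEO_VALUES = {"nation", "localename", "scountry", "icountry"}  # assumed names


def geofence_lookups(events):
    """'Checks computer location settings': RegQueryValueEx on a locale value."""
    hits = []
    for e in events:
        if (e["api"].startswith("RegQueryValueEx")
                and GEO_KEY in e.get("key", "").lower()
                and e.get("value", "").lower() in GEO_VALUES):
            hits.append((e["pid"], e["key"] + "\\" + e["value"]))
    return hits


# Process hollowing: suspended child, memory written, context set, resumed.
CREATE_SUSPENDED = 0x4
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def hollowed_children(events):
    """Return (parent, child) pairs that complete the hollowing chain in order.
    A lone SetThreadContext (pid 9999 above) is deliberately not enough."""
    suspended = {}                 # child pid -> parent pid
    progress = defaultdict(int)    # child pid -> index of next expected step
    found = []
    for e in events:
        if e["api"].startswith("CreateProcess") and int(e.get("flags", "0"), 16) & CREATE_SUSPENDED:
            child = int(e["child"])
            suspended[child] = e["pid"]
            progress[child] = 0
        elif "target" in e:
            child = int(e["target"])
            if (child in suspended and e["pid"] == suspended[child]
                    and e["api"] == HOLLOW_STEPS[progress[child]]):
                progress[child] += 1
                if progress[child] == len(HOLLOW_STEPS):
                    found.append((suspended[child], child))
    return found


# C2 from the extracted RedLine config on this page.
C2 = {("185.222.58.81", 55615)}


def c2_connections(events):
    """Outbound connects to the configured C2 endpoint."""
    return [(e["pid"], e["addr"], int(e["port"])) for e in events
            if e["api"] in ("connect", "WSAConnect")
            and (e.get("addr"), int(e.get("port", "0"))) in C2]


def run_signatures(text=TRACE):
    events = parse_trace(text)
    return {"geofence": geofence_lookups(events),
            "hollowing": hollowed_children(events),
            "c2": c2_connections(events)}


if __name__ == "__main__":
    for name, hits in run_signatures().items():
        print(f"{name}: {hits}")
```

The hollowing rule requires the full ordered chain against a child that was created with CREATE_SUSPENDED, which is why the stray SetThreadContext from pid 9999 does not fire; that is the caveat behind the report's "Suspicious use of SetThreadContext" label being a heuristic rather than a verdict.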