General
Target: ec0453e0735261daf96af26ddebba797b1394056812d40d9fbbc063f73513aa5
Size: 976KB
Sample: 240419-j5t3lsde5z
MD5: 8a1d971b45cc4b91fbe2a98a14f1f7e9
SHA1: 331b950e0d0ae79c362ae3fdac6ff5e8f02db280
SHA256: ec0453e0735261daf96af26ddebba797b1394056812d40d9fbbc063f73513aa5
SHA512: 2c8913b0680eeeb505b9aabd9f5a7c060f92be1279b6585d820141ac2f41e26778fb83486ed9e3380de0e5f914f3f063fff60e0fcf017e59e4d451154daa0552
SSDEEP: 24576:TxLsMs8WdXk89WycIljgE94nI0DkKesxgaai+pBkTx8:Bsld/9WyxlpYI0DkCvepBka
Static task: static1
Behavioral task: behavioral1
Sample: ec0453e0735261daf96af26ddebba797b1394056812d40d9fbbc063f73513aa5.exe
Resource: win7-20240220-en
Malware Config
Extracted
redline
cheat
185.222.58.99:55615
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext