General
Target: keygen nl brute for all versions.exe
Size: 2.5MB
Sample: 240422-fzd8esgd2z
MD5: 3031c9d58c255711b79700d747d36b1d
SHA1: ccb729d3ae33ca7e6728a4a8420739296487c100
SHA256: 12dbec48583dd54a0c61d52636c27174cae85070ce51d531baebf4d1b1682bbd
SHA512: 8cf74395efdaed0a1e08da0e3f2aac062b4f52f62eb6304c7a396cc2d25e7840a2f89d51a799650438c184caf0739c11f761ca05f4ac850d0f0fb03bde8a7dc9
SSDEEP: 49152:OXrjCVYUcZhsrPGqQBohMjku8IM3nk/f7KY1SKDIMgMkQlh/h1PDSrS4oqnAH:mKV+hsrx6oEku8I8yfbSkx1x7/h1PDV
Static task: static1
Behavioral task: behavioral1
  Sample: keygen nl brute for all versions.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: keygen nl brute for all versions.exe
  Resource: win10-20240404-en
Behavioral task: behavioral3
  Sample: keygen nl brute for all versions.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted family: redline
Botnet: cheat
C2: 5.181.80.133:46720
Targets
Target: keygen nl brute for all versions.exe
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext