General

Target: d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970.exe
Size: 364KB
Sample: 240427-b2jtgagd36
MD5: 1544dbca0efc2c0105dd7d52a21a8891
SHA1: 7fbacdb27457829215cd182eab0a4e4bb4379648
SHA256: d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970
SHA512: 2b5cd7536e41c53d6538302c7c8b471e3a5b94926d50833c09c7e737659b8bba4c33ff02521502c90c65c11fea406a05323ff05f4fc529e54d7517653bc9e471
SSDEEP: 6144:1fL+oqZLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLPLLLLLLLW:1fLwLLLLLLLLLLLLLLLLLLLLLLLLLLLu
Static task: static1

Behavioral task: behavioral1
  Sample: d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970.exe
  Resource: win7-20240419-en

Behavioral task: behavioral2
  Sample: d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970.exe
  Resource: win10v2004-20240419-en

Behavioral task: behavioral3
  Sample: ⠨/start.vbs
  Resource: win7-20240221-en

Behavioral task: behavioral4
  Sample: ⠨/start.vbs
  Resource: win10v2004-20240419-en

Behavioral task: behavioral5
  Sample: ⠨/temp.bat
  Resource: win7-20240419-en

Behavioral task: behavioral6
  Sample: ⠨/temp.bat
  Resource: win10v2004-20240426-en
Malware Config

Extracted config (redline): 5.42.92.179:18418
Targets

Target: d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970.exe
  Size: 364KB
  MD5: 1544dbca0efc2c0105dd7d52a21a8891
  SHA1: 7fbacdb27457829215cd182eab0a4e4bb4379648
  SHA256: d5038b0adfdfc36c23dbaafd982bb50bb0e9fc10838e731e10d182d91b28d970
  SHA512: 2b5cd7536e41c53d6538302c7c8b471e3a5b94926d50833c09c7e737659b8bba4c33ff02521502c90c65c11fea406a05323ff05f4fc529e54d7517653bc9e471
  SSDEEP: 6144:1fL+oqZLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLPLLLLLLLW:1fLwLLLLLLLLLLLLLLLLLLLLLLLLLLLu
  Score: 10/10
  Signatures:
    RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    RedLine payload
    Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    Suspicious use of SetThreadContext
Target: ⠨/start.vbs
  Size: 170B
  MD5: 65ee9f906fdefca9b4a6a21581dd849f
  SHA1: b372dea5a9b9a99311445a55b634aa8f6c1d7b9d
  SHA256: 087f43e7f9f78bbeb1050cdbfaeb3d23ad7b4b742d6ef91229b8824a20daaee6
  SHA512: 1f593864f52ac61f7f4ef2aa1bfcf538dd2833e53bbd931f96c42b2ca90d2bf68545fdac547f0f3cce09ad7734acdb629bf642081227a996d3d22117263ad23a
  Score: 1/10
Target: ⠨/temp.bat
  Size: 318KB
  MD5: 36b4c4d03ab02764f2e47e30dbb6c71e
  SHA1: e334f09316c3c468edc1b2002f18aa886324c1fa
  SHA256: c94456d2617c5624a7feb6c47d0c0ab0f44efecb3f5b17f38e79aeb915f3d883
  SHA512: be8b27f19a223b422b0c9bc3eeb775da5595570988b5d8fee0856c398ab0befcd6c9e86d75483afbe5f8b938278fcfc9f3efac2fd8a25fbf55e213a56c34860b
  SSDEEP: 6144:hSDgBmX4h5x6Q6cPCGUFn6uXzcKZuzVLyFBnPfWjD/DoEMs:bB5uQ6uiJXzcKZu9MlU/kTs
  Score: 1/10