General

Target: 4fc03c15ef9949cbeb27fadd3b9c65ff798141bcb30590c6e770e79bc8232737.exe
Size: 900KB
Sample (analysis ID): 240502-bre3jach8t
MD5: 768ead51112582920104d0f4bb5f0902
SHA1: 2aab7b0d33e9662af0e8ab9c6f5b3171108efdb5
SHA256: 4fc03c15ef9949cbeb27fadd3b9c65ff798141bcb30590c6e770e79bc8232737
SHA512: 79b22df121afea9f987dda8a14a77c26460db0086881e68ec20587b1c0395ad5432e1ab7d34f50b7eabf6a47c9797d7107e82aeddcaf0c112c117b15b369d11f
SSDEEP: 12288:pMfqXESqNnb4XKgpwzpZBl+F87bTvrW6C1C0vdXLE38CeWwa6nIz0t2jiCnSGc32:hBqNnb4Xlpir+67b1yCvsJait2uWRRb
Static task: static1

Behavioral task: behavioral1
Sample: 4fc03c15ef9949cbeb27fadd3b9c65ff798141bcb30590c6e770e79bc8232737.exe
Resource (analysis VM image): win7-20240221-en
Malware Config

Extracted from the sample:
Family: redline
Botnet: cheat
C2: 45.137.22.186:55615
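The extracted configuration gives a responder the two things worth acting on: file digests for host-side matching and a C2 socket for network detection. The Python script below is an added example, not code from the report or from the sandbox vendor: it parses the report's indicator block (re-keyed here into Key: value lines), validates each digest and the ssdeep string, and emits a Suricata rule and a connection-log matcher for the C2. The hashes and C2 are the report's; the log lines, the Suricata sid, and the Key: value layout are constructed for the example.

```python
from __future__ import annotations

import re

# Indicator block copied from the report on this page (hashes and the extracted
# RedLine config).  The Key: value layout is this example's own, added for parsing.
REPORT = """\
Target: 4fc03c15ef9949cbeb27fadd3b9c65ff798141bcb30590c6e770e79bc8232737.exe
Size: 900KB
MD5: 768ead51112582920104d0f4bb5f0902
SHA1: 2aab7b0d33e9662af0e8ab9c6f5b3171108efdb5
SHA256: 4fc03c15ef9949cbeb27fadd3b9c65ff798141bcb30590c6e770e79bc8232737
SHA512: 79b22df121afea9f987dda8a14a77c26460db0086881e68ec20587b1c0395ad5432e1ab7d34f50b7eabf6a47c9797d7107e82aeddcaf0c112c117b15b369d11f
SSDEEP: 12288:pMfqXESqNnb4XKgpwzpZBl+F87bTvrW6C1C0vdXLE38CeWwa6nIz0t2jiCnSGc32:hBqNnb4Xlpir+67b1yCvsJait2uWRRb
Family: redline
Botnet: cheat
C2: 45.137.22.186:55615
"""

# Constructed connection-log lines (not from the report) to run the C2 match over.
SAMPLE_LOGS = [
    "2024-05-02T13:05:11Z src=10.0.0.15:49812 dst=45.137.22.186:55615 proto=tcp bytes=4120",
    "2024-05-02T13:05:12Z src=10.0.0.15:49813 dst=142.250.74.78:443 proto=tcp bytes=9811",
    "2024-05-02T13:05:40Z src=10.0.0.22:51007 dst=45.137.22.186:55615 proto=tcp bytes=3308",
    "2024-05-02T13:06:02Z src=10.0.0.15:49820 dst=45.137.22.186:80 proto=tcp bytes=512",
]

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SSDEEP_CHUNK = re.compile(r"[A-Za-z0-9+/]+")


def parse_report(text: str) -> dict[str, str]:
    """Split 'Key: value' lines on the first ': ' so the colons inside the
    ssdeep and C2 values survive."""
    fields = {}
    for line in text.splitlines():
        if ": " not in line:
            continue
        key, value = line.split(": ", 1)
        fields[key.strip()] = value.strip()
    return fields


def validate_hashes(fields: dict[str, str]) -> dict[str, bool]:
    """Each digest must be lowercase hex of the right length; a truncated or
    space-broken hash is the usual reason an IOC feed silently never matches."""
    return {
        name: re.fullmatch(rf"[0-9a-f]{{{length}}}", fields.get(name, "")) is not None
        for name, length in HASH_LENGTHS.items()
    }


def parse_ssdeep(value: str) -> tuple[int, str, str]:
    """ssdeep is blocksize:chunk:double_chunk; two hashes are only comparable
    when their block sizes are equal or differ by a factor of two."""
    blocksize, chunk, double_chunk = value.split(":")
    for part in (chunk, double_chunk):
        if not SSDEEP_CHUNK.fullmatch(part):
            raise ValueError(f"bad ssdeep chunk: {part!r}")
    return int(blocksize), chunk, double_chunk


def parse_c2(value: str) -> tuple[str, int]:
    host, port = value.rsplit(":", 1)
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port: {port}")
    return host, port_num


def suricata_rule(fields: dict[str, str], sid: int = 9000001) -> str:
    """Outbound-connection rule for the C2 (the sid is an assumed local value)."""
    host, port = parse_c2(fields["C2"])
    msg = f"{fields['Family']} C2 (botnet {fields['Botnet']}) {host}:{port}"
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)')


def find_c2_hits(fields: dict[str, str], log_lines: list[str]) -> list[str]:
    """Match on host AND port: the same IP on another port is worth a look
    but is not the extracted C2 endpoint."""
    host, port = parse_c2(fields["C2"])
    needle = f"dst={host}:{port} "
    return [line for line in log_lines if needle in line]


IOCS = parse_report(REPORT)

if __name__ == "__main__":
    print(validate_hashes(IOCS))
    print(parse_ssdeep(IOCS["SSDEEP"]))
    print(suricata_rule(IOCS))
    for hit in find_c2_hits(IOCS, SAMPLE_LOGS):
        print("C2 hit:", hit)
```

Matching on host and port together is deliberate: RedLine talks to its C2 over a raw TCP port, so a bare IP match would also flag the unrelated port-80 line in the constructed logs, which deserves a look but is not the extracted endpoint.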
Targets

Target: 4fc03c15ef9949cbeb27fadd3b9c65ff798141bcb30590c6e770e79bc8232737.exe (900KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- SectopRAT payload (SectopRAT/ArechClient2 shares code with RedLine, so this rule commonly fires alongside the RedLine payload rule)
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs
- Detects executables packed with SmartAssembly (a .NET obfuscator, consistent with a C# sample)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (an API typically seen in process hollowing, where the main thread of a suspended child process is redirected to injected code; taken with the dropped-EXE signature above, it points to injection rather than a plain process start)