General
Target: HMC.exe
Size: 3.0MB
Sample: 240527-nyxx5sac6w
MD5: 6e4727684bbce2a7e6ce6824792c5cd8
SHA1: d20e40c0e81476dbecdbe859931a25d279fc055e
SHA256: 3c0d3ca35dcf977eade9897106a46ae8def8d1eecd757cc07e31bd13b00d2198
SHA512: 5c55bda7008c5c54c8122e7934c3ef0f70325138a4fbff4201d430fccac13d4ade2b9be8aa86e1b8969bc26f84303d2ccb1a20cd1980ba7a85013d37a0024200
SSDEEP: 24576:fVsQ6BKfC+CWDU2fy6Uuri8MmOmbCYUz7PH8Zeaj0HM3ow5Xty:fVeBB2kMOnYUvPb
Behavioral task
behavioral1
Sample
HMC.exe
Resource
win7-20240508-en
Malware Config
Extracted
redline
CHECKER
41.216.183.150:32356
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-