General
Target: 17552106231.zip
Size: 2.0MB
Sample: 240531-wps7lagh67
MD5: dff799ae2a701057db88d532fe0db77c
SHA1: 8de7510391b0fbde35da3e6590ad8ac3b8b65e49
SHA256: 20949e43f91a68b9d58890336af1529dff4cba358a7e726bc0ebbaad77d24544
SHA512: c332c6d040914c11f377c68e6584d1baf3b22a86fbf9f2efc0404352c5868fc6a87c0cbe272fd321e91cde6c7d7d7c4dfbe77d79244ef65b66fe3d5be2a0f145
SSDEEP: 49152:SsPuZtbUkpHGx2FnnkJYTD8KtLAaQgJmmShgW/6H1dA+vf:SxAiQYX8SQgJmdW+6H1dFH
Static task: static1
Behavioral task: behavioral1
  Sample: 05e17addb31f1ad7b2ab6ac4d7a4709439e9eeeb0993fbbd3fcb1b49802738af.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 05e17addb31f1ad7b2ab6ac4d7a4709439e9eeeb0993fbbd3fcb1b49802738af.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 05e17addb31f1ad7b2ab6ac4d7a4709439e9eeeb0993fbbd3fcb1b49802738af
Size: 2.6MB
MD5: 329f4bf425c3f6b61a32fb8ab71dd23f
SHA1: d8a76f861f2bea7609c2eada25dcefd63b1da230
SHA256: 05e17addb31f1ad7b2ab6ac4d7a4709439e9eeeb0993fbbd3fcb1b49802738af
SHA512: 04abcd737925b0dc2eeb5b8b66773a570ff262bf84f1fb02d1c983760a4e9fdec31af46a578da507acce094cdc23b290b61f1e2572d2318c04e4212943985380
SSDEEP: 49152:o8xyN3v0q6YYRqML/5pzxzgFmxgq1O4x3/pl0d:omyN38eY0MPVgFIgaOsvpI
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext