General
-
Target
6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c
-
Size
797KB
-
Sample
240715-j2753azaqh
-
MD5
ad86c5cb9f936936ffbae85f43bf2a40
-
SHA1
8c3916a0807b528dfbc52f2c7826d7e6cbc2320d
-
SHA256
6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c
-
SHA512
7ad6645e4c7365ead5ce38853e3002ad184e2f67604439f32be8c13217e5f5e5c9df68f568d2c6bb16ceb947b6ecb949fad95032fc770ef88be8f7e93efe7c93
-
SSDEEP
12288:hVVx0xC0+wZHVUXLCZLiF/d6/7iDlpOWphcotUTEvkR:TVxEC7wZ6cLiFa7YlpOqhcotUEq
Static task
static1
Behavioral task
behavioral1
Sample
6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
redline
Commanderking
185.216.70.15:65012
Targets
-
-
Target
6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c
-
Size
797KB
-
MD5
ad86c5cb9f936936ffbae85f43bf2a40
-
SHA1
8c3916a0807b528dfbc52f2c7826d7e6cbc2320d
-
SHA256
6e4a44c3de0e80fecece030c2d219e2d20f8bb73366172533f62297d1d5b1d6c
-
SHA512
7ad6645e4c7365ead5ce38853e3002ad184e2f67604439f32be8c13217e5f5e5c9df68f568d2c6bb16ceb947b6ecb949fad95032fc770ef88be8f7e93efe7c93
-
SSDEEP
12288:hVVx0xC0+wZHVUXLCZLiF/d6/7iDlpOWphcotUTEvkR:TVxEC7wZ6cLiFa7YlpOqhcotUEq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-