General
- Target: 7D2707C4A1D779E025917F865C103E4B.exe
- Size: 776KB
- Sample: 240717-de1vkswbjg
- MD5: 7d2707c4a1d779e025917f865c103e4b
- SHA1: 62c0d32e2662d32951b4aa172a2be8be7f3b0fbb
- SHA256: 13905f844c59906aaf353a12fc820dfeb56f5f1d781ca5b20e24bb20d1542ab5
- SHA512: c9ae482eba6b3eef6d1a96838862fa79a96b99297effa99255647f45e73045e9a2bbeb287a13486ac49d647947a0a7fad0f43aa59fe65174a328b227e08dbb6f
- SSDEEP: 24576:LYYSZ54auRRAfJhXwlsnGSKxyBp9eGqqxO5X:2GyjUP9X
Static task: static1
Behavioral task: behavioral1
- Sample: 7D2707C4A1D779E025917F865C103E4B.exe
- Resource: win7-20240704-en
Malware Config
Extracted
redline
cheat
185.222.57.153:55615
Targets
- Target: 7D2707C4A1D779E025917F865C103E4B.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext