General
-
Target
6923ea64d4bf71ccdaff7dfad093f120N.exe
-
Size
647KB
-
Sample
240801-mjsjfazhja
-
MD5
6923ea64d4bf71ccdaff7dfad093f120
-
SHA1
2953565b3c190b34da44b6ecfacb2be9529e5317
-
SHA256
1d347d1d653653547112d9118d5346963bf78887f9f500c2598fd2f5d19700fa
-
SHA512
982c9efe19014e246b75b43230ca6cd5e42c11d1b4757f0f2a114e9fea5fd8d9ef5e9bc1ab49958212ddc48fde64b830ef19911bcbbf892dbe76a657dc204944
-
SSDEEP
12288:ISjofC1P1TAioAiXydFYdme2KE//r6J9VkgTJ73vmNlabHYk:Iq1VAiobydrr6ldj0o7
Static task
static1
Behavioral task
behavioral1
Sample
6923ea64d4bf71ccdaff7dfad093f120N.exe
Resource
win7-20240704-en
Malware Config
Extracted
Family: redline
Botnet: cheat
C2: 185.222.58.91:55615
Targets
-
Target
6923ea64d4bf71ccdaff7dfad093f120N.exe
-
Size
647KB
-
MD5
6923ea64d4bf71ccdaff7dfad093f120
-
SHA1
2953565b3c190b34da44b6ecfacb2be9529e5317
-
SHA256
1d347d1d653653547112d9118d5346963bf78887f9f500c2598fd2f5d19700fa
-
SHA512
982c9efe19014e246b75b43230ca6cd5e42c11d1b4757f0f2a114e9fea5fd8d9ef5e9bc1ab49958212ddc48fde64b830ef19911bcbbf892dbe76a657dc204944
-
SSDEEP
12288:ISjofC1P1TAioAiXydFYdme2KE//r6J9VkgTJ73vmNlabHYk:Iq1VAiobydrr6ldj0o7
-
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020 and sold as malware-as-a-service. It harvests saved browser credentials, cookies and autofill data, cryptocurrency wallet files and basic system information, and reports to the C2 address carried in its configuration (here 185.222.58.91:55615).
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (the Add-MpPreference -ExclusionExtension / -ExclusionPath / -ExclusionProcess parameters) so that the dropped payload and its working directory are not scanned.
-
Checks computer location settings
Looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation, the GeoID of the configured location); this is most likely a geofence check, used by stealers to avoid running on machines in certain countries.
-
Suspicious use of SetThreadContext
Modifies the register context of a thread, typically the main thread of a newly created suspended process. This is the step used by process hollowing and similar injection techniques to redirect execution to an injected payload, so the final stage runs under the image of a legitimate process.
-
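The two behavioural signatures above (Defender exclusions added via PowerShell, and the registry lookup of the configured country) are the kind of events a defender can match in process and registry telemetry. The following Python detector is an added example written for this page; it is not part of the sandbox report or of the sample. The event records and the encoded PowerShell command line are constructed here for illustration. It decodes -EncodedCommand payloads (UTF-16LE base64, as PowerShell expects) before matching, because that is how such commands commonly appear in the wild, and it treats the registry key HKCU\Control Panel\International\Geo\Nation as the geofence indicator.

```python
"""Detect Defender exclusion tampering and a geofence registry lookup in
constructed process / registry events (added example, not the report's code)."""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

# A PowerShell host launched by path or by bare name.
POWERSHELL_RE = re.compile(r"(?:^|[\\/\s\"'])(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENCODED_ARG_RE = re.compile(r"(?:^|\s)[-/](?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Add-/Set-MpPreference and its arguments up to the next pipeline/statement separator.
EXCLUSION_RE = re.compile(r"\b(Add|Set)-MpPreference\b(?P<args>[^|;]*)", re.IGNORECASE)
EXCLUSION_KIND_RE = re.compile(r"-Exclusion(Path|Extension|Process|IpAddress)\b", re.IGNORECASE)
DISABLE_RE = re.compile(
    r"-Disable(RealtimeMonitoring|IOAVProtection|BehaviorMonitoring|ScriptScanning)\s+(\$true|1)\b",
    re.IGNORECASE,
)
# GeoID of the configured country; read by geofencing stealers.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


@dataclass
class Finding:
    technique: str
    detail: str


def _encode_ps(command: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it (UTF-16LE, base64)."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


# Constructed sample telemetry: (event_type, detail). Not taken from the report.
SAMPLE_EVENTS = [
    ("process", r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command '
                r'"Add-MpPreference -ExclusionPath C:\Users\Public -ExclusionExtension exe -ExclusionProcess svchost.exe"'),
    ("process", r"C:\Windows\explorer.exe"),
    ("registry_read", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    ("process", "powershell.exe -NoP -W Hidden -enc "
                + _encode_ps(r"Set-MpPreference -DisableRealtimeMonitoring $true; Add-MpPreference -ExclusionPath $env:APPDATA")),
    ("registry_read", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
]


def decode_encoded_command(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload (if any) to the command line so it can be matched."""
    m = ENCODED_ARG_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not a valid encoded command; match the raw line only
    return cmdline + " " + decoded


def scan_powershell(cmdline: str) -> list[Finding]:
    """Flag Defender exclusion additions and protection disables in a PowerShell command line."""
    findings: list[Finding] = []
    if not POWERSHELL_RE.search(cmdline):
        return findings
    text = decode_encoded_command(cmdline)
    for m in EXCLUSION_RE.finditer(text):
        kinds = sorted({k.group(1).lower() for k in EXCLUSION_KIND_RE.finditer(m.group("args"))})
        if kinds:
            findings.append(Finding("defender_exclusion", f"{m.group(1)}-MpPreference adds exclusions: {', '.join(kinds)}"))
    for m in DISABLE_RE.finditer(text):
        findings.append(Finding("defender_disable", m.group(0)))
    return findings


def scan_registry_read(key: str) -> list[Finding]:
    """Flag a read of the configured-country GeoID key."""
    return [Finding("geofence_check", key)] if GEO_KEY_RE.search(key) else []


def scan_events(events: list[tuple[str, str]]) -> list[Finding]:
    findings: list[Finding] = []
    for kind, detail in events:
        if kind == "process":
            findings.extend(scan_powershell(detail))
        elif kind == "registry_read":
            findings.extend(scan_registry_read(detail))
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.detail}")
```

The exclusion match deliberately stops at `;` and `|` so that each Add-/Set-MpPreference call is reported on its own, and the disable check fires only when the switch is actually set (`$true` or `1`), which keeps benign `Set-MpPreference -DisableRealtimeMonitoring $false` out of the alerts.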