General
Target: 7b62c5248337ebed283f82a912016f10N.exe
Size: 524KB
Sample: 240803-k5s1zstdnc
MD5: 7b62c5248337ebed283f82a912016f10
SHA1: 4d4e2a283cb5c7a1620e84d55f07451c1b2d39bc
SHA256: 289bceeeff61db69d94891ce1436291f42c3548bcef78120ba770a21c81a9bf2
SHA512: 72721ee2d70cde744a565a10c3472222a6aee5c6e0573ef9f475cd5f019ede0a4fbb127f132e12e1c0e5ca104ee3e3414a1c1139579a4d94a243a7f8b8440931
SSDEEP: 12288:FK0QpjndCRVwqbwQkt7rllWxJzxv5rsi2IZl:FKTjdCvw7HkC
Static task: static1
Behavioral task: behavioral1
Sample: 7b62c5248337ebed283f82a912016f10N.exe
Resource: win7-20240708-en
Malware Config
Extracted
Family: redline
Botnet: Newlogs
C2: 204.14.75.2:16383
Targets
Target: 7b62c5248337ebed283f82a912016f10N.exe (hashes as listed under General above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext