General

Target: f5c34bd16d0615f1e39cfcb9a710e690N.exe
Size: 1.7MB
Sample: 240827-m8kj5ayhpn
MD5: f5c34bd16d0615f1e39cfcb9a710e690
SHA1: 6424b760dc6cb2cf668ef522babfeb7e3faa59b7
SHA256: 9a01d6ac3199098e0ed7323c677e27b5ec3175ac5799c8460da3b0b0885205dd
SHA512: 730fa53cf1b8f16f4f4400a3fd4e5079785fa7aaae0c02feb35dbc617175d5705bebca6371d8198bccec66eb52e470c0d3f7f6620ed71ddaacc73da1094172ac
SSDEEP: 12288:l5Y3fb/uuU1LhHFRwpWBBBBBBBVBBBBBBBBBBBiBBBBBBBBBBBBULlb6TW/3CrDN:Z8UG9
Static task: static1
Behavioral task: behavioral1
Sample: f5c34bd16d0615f1e39cfcb9a710e690N.exe
Resource: win7-20240704-en
Malware Config

Extracted: redline
Botnet: @Niodiym
C2: dishontesa.xyz:80

Extracted: redline
Botnet: @wikech
C2: ierinapu.xyz:80
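The two extracted configs are the report's most actionable output: two botnet tags and two C2 hosts on port 80. The following is an added example (not part of the sandbox report or its tooling) that parses the flattened "Extracted / family / botnet / host:port" blocks into IOCs and checks them against constructed Zeek-style dns.log lines; the log format and the source IPs are assumptions made for the example, and the suffix check deliberately treats a subdomain of a C2 host as a hit but a lookalike name that merely contains the C2 host as a miss.

```python
"""IOC matching for the RedLine configs the sandbox extracted above.

Added example, not part of the report: it parses the flattened
"Extracted / family / botnet / host:port" blocks and checks constructed
Zeek-style dns.log lines for queries to the C2 hosts (or their subdomains).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    family: str   # "redline"
    botnet: str   # campaign/botnet tag, e.g. "@Niodiym"
    host: str     # C2 hostname
    port: int     # C2 port


# The two configs from the report above, in the flattened form shown there.
REPORT_CONFIG_TEXT = """\
Extracted
redline
@Niodiym
dishontesa.xyz:80
Extracted
redline
@wikech
ierinapu.xyz:80
"""


def parse_configs(text: str) -> list[RedLineConfig]:
    """Turn each 'Extracted' block into a RedLineConfig."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    configs: list[RedLineConfig] = []
    i = 0
    while i + 3 < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        family, botnet, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
        host, _, port = c2.rpartition(":")
        configs.append(RedLineConfig(family, botnet, host.lower(), int(port)))
        i += 4
    return configs


def query_matches(query: str, host: str) -> bool:
    """True if the DNS name is the C2 host itself or a subdomain of it."""
    q = query.lower().rstrip(".")
    return q == host or q.endswith("." + host)


# Constructed Zeek dns.log-style lines (ts, id.orig_h, query); assumed format.
SAMPLE_DNS_LOG = """\
1724760001.123\t10.0.0.15\tdishontesa.xyz
1724760002.456\t10.0.0.22\twww.example.com
1724760003.789\t10.0.0.15\tcdn.ierinapu.xyz
1724760004.012\t10.0.0.31\tierinapu.xyz.evil-lookalike.test
"""


def match_dns_log(configs: list[RedLineConfig], log_text: str) -> list[tuple[str, str, str]]:
    """Return (source_ip, query, botnet) for every query that hits a C2 host."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, query = line.split("\t")
        for cfg in configs:
            if query_matches(query, cfg.host):
                hits.append((src, query, cfg.botnet))
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIG_TEXT)
    for c in cfgs:
        print(f"{c.family} {c.botnet} -> {c.host}:{c.port}")
    for src, q, bot in match_dns_log(cfgs, SAMPLE_DNS_LOG):
        print(f"ALERT {src} resolved {q} (RedLine botnet {bot})")
```

Matching on the DNS name rather than the resolved IP is the right default for hosts like these, because the operator can repoint the domain at will; the botnet tag is carried through to the alert so that two infections talking to different C2s can be tied back to their respective campaigns.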
Targets

Target: f5c34bd16d0615f1e39cfcb9a710e690N.exe
Size: 1.7MB
MD5: f5c34bd16d0615f1e39cfcb9a710e690
SHA1: 6424b760dc6cb2cf668ef522babfeb7e3faa59b7
SHA256: 9a01d6ac3199098e0ed7323c677e27b5ec3175ac5799c8460da3b0b0885205dd
SHA512: 730fa53cf1b8f16f4f4400a3fd4e5079785fa7aaae0c02feb35dbc617175d5705bebca6371d8198bccec66eb52e470c0d3f7f6620ed71ddaacc73da1094172ac
SSDEEP: 12288:l5Y3fb/uuU1LhHFRwpWBBBBBBBVBBBBBBBBBBBiBBBBBBBBBBBBULlb6TW/3CrDN:Z8UG9
- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- RedLine payload
- SectopRAT payload
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check to decide whether to run on this host.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext: the API used to redirect the entry point of a suspended thread, characteristic of process hollowing and thread hijacking, which is how the stealer payload is typically placed inside a host process.
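"Suspicious use of SetThreadContext" is a verdict on a call sequence, not on a single API: on its own, SetThreadContext is used legitimately by debuggers and by a process on its own threads, while the hollowing pattern is a parent that creates a child CREATE_SUSPENDED, writes into it, resets the thread context and then resumes it. The following is an added example (not the sandbox's own signature logic) that replays a constructed API trace in a key=value format assumed for the example and flags only children for which the same parent completed that chain in order, ignoring the benign cases.

```python
"""Detect the process-hollowing call chain behind a 'Suspicious use of
SetThreadContext' verdict.

Added example, not the sandbox's own signature logic. It replays a constructed
API trace (format assumed for this example) and flags a child process only when
the same parent created it CREATE_SUSPENDED, wrote into it, then called
SetThreadContext and ResumeThread on it, in that order.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit (Win32)
STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: one API call per line as key=value tokens. Assumed format.
# pid 1000 hollows child 2000; pid 3000 writes into a child it did not create
# suspended; pid 5000 calls SetThreadContext on itself (e.g. exception handling).
SAMPLE_TRACE = """\
pid=1000 api=CreateProcessW child=2000 flags=0x4
pid=1000 api=NtUnmapViewOfSection target=2000
pid=1000 api=VirtualAllocEx target=2000
pid=1000 api=WriteProcessMemory target=2000
pid=1000 api=WriteProcessMemory target=2000
pid=1000 api=SetThreadContext target=2000
pid=1000 api=ResumeThread target=2000
pid=3000 api=CreateProcessW child=4000 flags=0x0
pid=3000 api=WriteProcessMemory target=4000
pid=3000 api=SetThreadContext target=4000
pid=5000 api=SetThreadContext target=5000
"""


def parse_trace(text: str) -> list[dict[str, str]]:
    """One dict per non-empty line, built from its key=value tokens."""
    return [dict(tok.split("=", 1) for tok in line.split())
            for line in text.splitlines() if line.strip()]


def detect_hollowing(records: list[dict[str, str]]) -> list[tuple[str, str]]:
    """Return [(parent_pid, child_pid)] for every completed hollowing chain."""
    suspended: dict[str, str] = {}                  # child pid -> creating pid
    progress: dict[str, list[str]] = defaultdict(list)
    hits: list[tuple[str, str]] = []
    for r in records:
        api = r["api"]
        if api.startswith("CreateProcess"):
            if int(r.get("flags", "0"), 16) & CREATE_SUSPENDED:
                suspended[r["child"]] = r["pid"]
            continue
        child = r.get("target")
        # Only the creator of a still-suspended child advances the chain;
        # SetThreadContext by a debugger or on the caller's own threads does not.
        if child not in suspended or suspended[child] != r["pid"]:
            continue
        seen = progress[child]
        if len(seen) < len(STAGES) and api == STAGES[len(seen)]:
            seen.append(api)
            if len(seen) == len(STAGES):
                hits.append((r["pid"], child))
                del suspended[child]   # resumed: the chain is complete
    return hits


if __name__ == "__main__":
    for parent, child in detect_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"hollowing: pid {parent} injected into suspended child {child}")
```

The chain is tracked per child and only advanced by the creating parent, so repeated WriteProcessMemory calls (the loader writing several sections) do not reset it, and a SetThreadContext with no preceding write or no following ResumeThread never reaches a verdict.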