General

Target: e8085ecf7923f4244540ba7ca37cdfcd25d85626ef5146e1fe9874fcb2b3eefc.zip
Size: 507KB
Sample: 241003-crangszbpj
MD5: 9d35d32867eaadf6843a747136520684
SHA1: ddc42cb45f4176d0f29827eedf68d852e7d482c6
SHA256: e8085ecf7923f4244540ba7ca37cdfcd25d85626ef5146e1fe9874fcb2b3eefc
SHA512: 9771cc69d24c631c92aeeee3d1bef9562c20bbaf13ba62d79277e962d42e99f873e616f0e126ce74ed4257dc6cae01821e243315cb88787e1f090ab2d860c9d0
SSDEEP: 12288:RtHcmbJoWdQL9PV/9CPZVNMrHFSEmoYT1YixP:Pcm9oWdQp99CxVNMrHFJ1ixP
Static task: static1

Behavioral task: behavioral1
Sample: QB0r4QtlrplEWdQ.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: QB0r4QtlrplEWdQ.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted
Family: redline
Botnet: success-logs
C2: 147.182.130.25:16383
Targets

Target: QB0r4QtlrplEWdQ.exe
Size: 617KB
MD5: fcc14969210d92d91800ce025b075381
SHA1: c233d2ba3d3367b96e5b14b94f14b4c88b001390
SHA256: 0e1fb62097c161842c8ff7fd63904b00d0403a1cfffb961c1f1130f009bffcfb
SHA512: 34a04239e3d300037a88331e71919b4a5cf4d0ba7dfb31f61847d6671b6388589c0ba36f8f12546d8d0ff1fb2b5a39a72e777a6b9e868eb3cd0648bb58c829d3
SSDEEP: 12288:A1ZF8KZ3TdIz/yd0GNCtCPNV/MrH5SEqwdIZrjBh4:Aypz/EBotC1V/MrH5JqSIZnX

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

SectopRAT payload

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes. On an affected host these exclusions remain visible afterwards through Get-MpPreference (ExclusionPath, ExclusionExtension, ExclusionProcess), and the command itself is captured by PowerShell script block logging (Event ID 4104) where that is enabled.
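As an added detection example (not part of the sandbox report), the following Python flags the behaviour described above in PowerShell script-block logs: it looks for Add-MpPreference or Set-MpPreference and extracts the values passed to -ExclusionPath, -ExclusionExtension and -ExclusionProcess. The log entries are constructed for the example; one of them reuses the sample's filename from the report as an illustrative process exclusion.

```python
import re
from dataclasses import dataclass, field

# Constructed PowerShell script-block log entries (Event ID 4104 ScriptBlockText).
# They are illustrative, not taken from the sandbox report; the process name in
# one entry reuses the sample's filename from the report purely as an example.
SAMPLE_SCRIPT_BLOCKS = [
    'Get-MpPreference | Select-Object ExclusionPath',
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public" -ExclusionExtension ".exe" '
    '-ExclusionProcess "QB0r4QtlrplEWdQ.exe"',
    'Set-MpPreference -DisableRealtimeMonitoring $true',
    "add-mppreference -exclusionpath 'C:\\ProgramData\\x'",
    'Add-MpPreference -ExclusionPath @("C:\\a", "C:\\b")',
    'Write-Host "hello"',
]

# Cmdlets that change Defender preferences, and the three exclusion parameters
# named in the report. Matching is case-insensitive because PowerShell is.
CMDLET_RE = re.compile(r'\b(Add|Set)-MpPreference\b', re.IGNORECASE)
PARAM_RE = re.compile(r'-(ExclusionPath|ExclusionExtension|ExclusionProcess)\b',
                      re.IGNORECASE)
CANON = {'exclusionpath': 'ExclusionPath',
         'exclusionextension': 'ExclusionExtension',
         'exclusionprocess': 'ExclusionProcess'}


@dataclass
class ExclusionEvent:
    cmdlet: str
    exclusions: dict = field(default_factory=dict)  # parameter -> list of values


def _read_argument(text: str, pos: int) -> list:
    """Parse the argument that follows a parameter at text[pos:].

    Handles a quoted string, an @( ... ) array, or a bare token. Returns []
    when the parameter has no argument (the next token is another -Parameter).
    """
    rest = text[pos:].lstrip()
    if not rest or rest.startswith('-'):
        return []
    if rest.startswith('@('):
        end = rest.find(')')
        inner = rest[2:end] if end != -1 else rest[2:]
        return [v.strip().strip('\'"') for v in inner.split(',') if v.strip()]
    if rest[0] in '\'"':
        quote = rest[0]
        end = rest.find(quote, 1)
        return [rest[1:end]] if end != -1 else [rest[1:]]
    return [rest.split()[0]]


def detect_defender_exclusions(script_block: str):
    """Return an ExclusionEvent if the block adds Defender exclusions, else None."""
    cmdlet = CMDLET_RE.search(script_block)
    if not cmdlet:
        return None
    event = ExclusionEvent(cmdlet=cmdlet.group(0))
    for param in PARAM_RE.finditer(script_block):
        name = CANON[param.group(1).lower()]
        event.exclusions.setdefault(name, []).extend(
            _read_argument(script_block, param.end()))
    return event if event.exclusions else None


def scan_script_blocks(blocks):
    """Run the detector over a list of script blocks; return (index, event) hits."""
    hits = []
    for i, block in enumerate(blocks):
        event = detect_defender_exclusions(block)
        if event is not None:
            hits.append((i, event))
    return hits


if __name__ == '__main__':
    for i, event in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f'[{i}] {event.cmdlet}: {event.exclusions}')
```

The detector is scoped to exclusions, which is what the report attributes to this sample; the constructed Set-MpPreference -DisableRealtimeMonitoring entry is deliberately not flagged and would need its own rule. Heavily obfuscated invocations (string concatenation, encoded commands) also will not match a plain regex, so this belongs alongside, not instead of, alerting on the resulting Defender configuration change.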

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence (deciding whether to run based on the victim's configured locale rather than on the network location).

Suspicious use of SetThreadContext
Setting the context of a thread in another process is a common building block of process hollowing and similar code injection; the report does not identify the target process.