General
-
Target
661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978
-
Size
700.0MB
-
Sample
241108-3wyh8avpgq
-
MD5
76e4e31dd3e40ac6790c83fa48419a55
-
SHA1
f42363c9ca8325a47efd4f01f177702433d78ff8
-
SHA256
661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978
-
SHA512
78ae771f67d5c1c66d2e8ffc1f3dd398b6cd87c6ee813e6108e0f0c8cdfb8cd656c82d3ec4fff7b9d9f84c31e0cfd00b613150bb6eb22ad942c00a5aed379b8e
-
SSDEEP
98304:NCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJP:N2qM+idivVNKbZfREVtc0PJP
Behavioral task
behavioral1
Sample
661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978.exe
Resource
win7-20241023-en
Malware Config
Extracted
redline
ws-19
38.91.100.57:32750
-
auth_value
b8974207e31b05e60d39e04eba8eeb0b
Targets
-
-
Target
661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978
-
Size
700.0MB
-
MD5
76e4e31dd3e40ac6790c83fa48419a55
-
SHA1
f42363c9ca8325a47efd4f01f177702433d78ff8
-
SHA256
661d2ed323c8703a7466774162972254589be4ab04abd6067d70ab44bc70d978
-
SHA512
78ae771f67d5c1c66d2e8ffc1f3dd398b6cd87c6ee813e6108e0f0c8cdfb8cd656c82d3ec4fff7b9d9f84c31e0cfd00b613150bb6eb22ad942c00a5aed379b8e
-
SSDEEP
98304:NCDnyTWzDCidsFXGAtljN36bZfRE7Rtc/vNK3egPJP:N2qM+idivVNKbZfREVtc0PJP
-
Detect ZGRat V2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Zgrat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-