General
-
Target
88ad4dfc05f375f97a5ba9b10a8d5d6222cfa1250841ccc5dfe9189c09ad73d2
-
Size
3.6MB
-
Sample
241110-p5b5paxdrd
-
MD5
f41ed49eae48090e080537778600f33a
-
SHA1
c05a485d43c161511abf3f81cddcb9daee43b8b8
-
SHA256
88ad4dfc05f375f97a5ba9b10a8d5d6222cfa1250841ccc5dfe9189c09ad73d2
-
SHA512
b2c1f92622db96b156412f8b7ed0db29300bf0894299dcd63c7cddd7ff534c6753a8db75ec494d0a16cbf09156979d055685a8f5a832c8b01357c79bf5239d35
-
SSDEEP
98304:V2DKkQIE1lubSgUiwu1s76KMSbakXpV9ITgdAzQ8tjQD4+:W3jXXUfu1cMFkXPxdAzltj44+
Behavioral task
behavioral1
Sample
87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5.exe
Resource
win7-20241023-en
Malware Config
Extracted
redline
sp-19
38.91.100.57:32750
-
auth_value
7d992d9714ca3423d5efee4459c460c8
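The extracted configuration above is the most directly actionable part of this report: the C2 endpoint, the botnet tag (sp-19) and the bot's auth_value. The following Python is an added example, not part of the Triage report or of RedLine itself; it turns the report's C2 and file hashes into a small hunting routine and runs it over constructed, Sysmon-style event records (field names and the "SHA256=...,MD5=..." hash format are assumed, the records are not from the sandbox run). Note that auth_value happens to be 32 hex characters, but it is the bot's authentication token, not a file hash, so it is deliberately kept out of the hash set.

```python
"""Hunt for the indicators Triage extracted from this RedLine sample.

Added example, not part of the sandbox report. The C2, botnet id, auth_value
and file hashes are copied from the report; the event records at the bottom
are constructed for the example, not captured from the run.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Extracted RedLine configuration (values from the report).
REDLINE_C2 = "38.91.100.57:32750"
REDLINE_BOTNET = "sp-19"
REDLINE_AUTH_VALUE = "7d992d9714ca3423d5efee4459c460c8"  # bot token, not a file hash

# Hashes of the uploaded target and of the executable run in behavioral1.
SAMPLE_HASHES = {
    "md5": {"f41ed49eae48090e080537778600f33a",
            "5297fc3e53d37d8d673c038dc55efebd"},
    "sha1": {"c05a485d43c161511abf3f81cddcb9daee43b8b8",
             "f78c4cc2fa80af00cd84128a8a4bcd54b6768206"},
    "sha256": {"88ad4dfc05f375f97a5ba9b10a8d5d6222cfa1250841ccc5dfe9189c09ad73d2",
               "87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5"},
}
HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_c2(c2: str) -> tuple:
    """Split a RedLine 'host:port' C2 string and validate both halves."""
    host, _, port_s = c2.rpartition(":")
    port = int(port_s)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in C2 {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    return host, port


def classify_hash(value: str) -> Optional[str]:
    """Return md5/sha1/sha256/sha512 based on hex length, or None if not hex."""
    value = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", value):
        return None
    return HEX_LEN.get(len(value))


def parse_sysmon_hashes(field: str) -> dict:
    """Parse a Sysmon-style 'SHA256=...,MD5=...' Hashes field (assumed format)."""
    out = {}
    for part in field.split(","):
        algo, _, digest = part.partition("=")
        algo = algo.strip().lower()
        if classify_hash(digest) == algo:  # drop entries whose length contradicts the label
            out[algo] = digest.strip().lower()
    return out


def is_known_sample(digest: str) -> bool:
    """True if digest matches one of the report's file hashes (case-insensitive)."""
    algo = classify_hash(digest)
    return algo is not None and digest.strip().lower() in SAMPLE_HASHES.get(algo, set())


@dataclass
class Hit:
    index: int
    reason: str


def hunt(records: list) -> list:
    """Flag records that reach the extracted C2 or carry a known sample hash.

    A connection to the C2 IP on another port is reported at lower confidence
    (redline_c2_host) rather than dropped: the host is still the indicator.
    """
    c2_host, c2_port = parse_c2(REDLINE_C2)
    hits = []
    for i, rec in enumerate(records):
        if rec.get("event") == "network_connect":
            if rec.get("dst_ip") == c2_host:
                exact = int(rec.get("dst_port", -1)) == c2_port
                hits.append(Hit(i, "redline_c2" if exact else "redline_c2_host"))
        elif rec.get("event") == "process_create":
            for algo, digest in parse_sysmon_hashes(rec.get("hashes", "")).items():
                if is_known_sample(digest):
                    hits.append(Hit(i, f"known_sample_{algo}"))
                    break
    return hits


# Constructed records for the example (not from the sandbox run).
SAMPLE_RECORDS = [
    {"event": "process_create",
     "image": r"C:\Users\u\Desktop\87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5.exe",
     "hashes": "SHA256=87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5,"
               "MD5=5297fc3e53d37d8d673c038dc55efebd"},
    {"event": "network_connect", "dst_ip": "38.91.100.57", "dst_port": "32750"},
    {"event": "network_connect", "dst_ip": "38.91.100.57", "dst_port": "443"},
    {"event": "network_connect", "dst_ip": "8.8.8.8", "dst_port": "53"},
    {"event": "process_create", "image": r"C:\Windows\System32\notepad.exe",
     "hashes": "SHA256=" + "00" * 32},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_RECORDS):
        print(hit)
```

Running the block prints three hits: the process-creation record for the behavioral sample (matched by SHA256), the exact C2 connection, and the lower-confidence connection to the C2 host on port 443. The DNS lookup and the benign process are not flagged.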
Targets
-
Target
87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5
-
Size
3.8MB
-
MD5
5297fc3e53d37d8d673c038dc55efebd
-
SHA1
f78c4cc2fa80af00cd84128a8a4bcd54b6768206
-
SHA256
87a53e43fc1a838c52130abe4607eb0ea70802f3b233e4e74c9edca5920ed2c5
-
SHA512
10ade61bbbafadb2cbe9726aaf445e3e3d02cfd36ae86b294c083ac5dd0a5e6fe8fbc421814f5438fd16601c19626f195df4a72eb9f98a06b9a7e1e6d3c19657
-
SSDEEP
98304:jJoqfS4A/EKZcD0X3lkRtWopFrdTQAI42+:NRFpD0X32GkdTQD4
-
Detect ZGRat V2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Zgrat family
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-