Overview
overview
10Static
static
3dc9f822b2f...45.zip
windows10-2004-x64
dc9f822b2f...45.zip
windows10-2004-x64
dc9f822b2f...45.zip
windows10-ltsc_2021-x64
dc9f822b2f...45.zip
windows11-21h2-x64
dc9f822b2f...45.zip
android-11-x64
dc9f822b2f...45.zip
android-13-x64
dc9f822b2f...45.zip
macos-10.15-amd64
dc9f822b2f...45.zip
ubuntu-18.04-amd64
dc9f822b2f...45.zip
debian-9-armhf
dc9f822b2f...45.zip
debian-9-mips
dc9f822b2f...45.zip
debian-9-mipsel
SAMPLE PICTURES.exe
windows11-21h2-x64
10SAMPLE PICTURES.exe
windows10-2004-x64
10SAMPLE PICTURES.exe
windows10-ltsc_2021-x64
10SAMPLE PICTURES.exe
windows11-21h2-x64
10SAMPLE PICTURES.exe
android-11-x64
SAMPLE PICTURES.exe
android-13-x64
SAMPLE PICTURES.exe
macos-10.15-amd64
SAMPLE PICTURES.exe
ubuntu-18.04-amd64
SAMPLE PICTURES.exe
debian-9-armhf
SAMPLE PICTURES.exe
debian-9-mips
SAMPLE PICTURES.exe
debian-9-mipsel
General
-
Target
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
-
Size
492KB
-
Sample
250331-sjekgavmw8
-
MD5
c929640b0e7a2874f73fe565aa65dc2e
-
SHA1
7dd1e7802aaa73808e6929281ef758bc1b4917c9
-
SHA256
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
-
SHA512
e1edbd1277de0229bffa364107a4e50127ed65c342663ab0cdc28f2760d44b3e370d6a264dbeb54a7f7f072f2c239aa436fc3d0d6841acf10631378be7d5f799
-
SSDEEP
6144:tiNMmZK9n9qvkXMupslTWk+3P9ATlp3VnkAa1nbeCGh+SoXPFVhwalx1S6uS7N+R:tuMkmQvkfslKk4olp3dkbeLh+r1Eiydf
Static task
static1
Behavioral task
behavioral1
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
win10v2004-20250314-en
Behavioral task
behavioral2
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
win10v2004-20250314-en
Behavioral task
behavioral3
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral4
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
win11-20250313-en
Behavioral task
behavioral5
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
android-x64-arm64-20240910-en
Behavioral task
behavioral6
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral7
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
macos-20241106-en
Behavioral task
behavioral8
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral9
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral10
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral11
Sample
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45.zip
Resource
debian9-mipsel-20240729-en
Behavioral task
behavioral12
Sample
SAMPLE PICTURES.exe
Resource
win11-20250313-en
Behavioral task
behavioral13
Sample
SAMPLE PICTURES.exe
Resource
win10v2004-20250314-en
Behavioral task
behavioral14
Sample
SAMPLE PICTURES.exe
Resource
win10ltsc2021-20250314-en
Behavioral task
behavioral15
Sample
SAMPLE PICTURES.exe
Resource
win11-20250313-en
Behavioral task
behavioral16
Sample
SAMPLE PICTURES.exe
Resource
android-x64-arm64-20240910-en
Behavioral task
behavioral17
Sample
SAMPLE PICTURES.exe
Resource
android-33-x64-arm64-20240910-en
Behavioral task
behavioral18
Sample
SAMPLE PICTURES.exe
Resource
macos-20241101-en
Behavioral task
behavioral19
Sample
SAMPLE PICTURES.exe
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral20
Sample
SAMPLE PICTURES.exe
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral21
Sample
SAMPLE PICTURES.exe
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral22
Sample
SAMPLE PICTURES.exe
Resource
debian9-mipsel-20240729-en
Malware Config
Extracted
redline
cheat
45.137.22.105:55615
Targets
-
-
Target
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
-
Size
492KB
-
MD5
c929640b0e7a2874f73fe565aa65dc2e
-
SHA1
7dd1e7802aaa73808e6929281ef758bc1b4917c9
-
SHA256
dc9f822b2fa1f558d40206052e6687bfaf1f277d8b7355f687289860cdedec45
-
SHA512
e1edbd1277de0229bffa364107a4e50127ed65c342663ab0cdc28f2760d44b3e370d6a264dbeb54a7f7f072f2c239aa436fc3d0d6841acf10631378be7d5f799
-
SSDEEP
6144:tiNMmZK9n9qvkXMupslTWk+3P9ATlp3VnkAa1nbeCGh+SoXPFVhwalx1S6uS7N+R:tuMkmQvkfslKk4olp3dkbeLh+r1Eiydf
Score3/10 -
-
-
Target
SAMPLE PICTURES.exe
-
Size
585KB
-
MD5
f62a95ab467661683d70271eecd84dfc
-
SHA1
9a5a922ccbb24a62e9bf56445febd15b5c8c86d7
-
SHA256
3f83cef30d4248da1845b186eecd318462279200f8f3aa99a272ae8b41f7836c
-
SHA512
2959c899b2f28858cd3d7841c960797d6f0035df1d166574c2f7e26012bf01151073c9115082595e5f58bb1e313f22da8e9d75a2b9e6310895bac6549decf18e
-
SSDEEP
12288:/vtLlZ7sluuswl7q4lyze3h+141K4tAd:ntklzF5yyx+1oHKd
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
SectopRAT payload
-
Sectoprat family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1