General
Target: 15f948da0e0786ee883bc9714ee6b47a.bin
Size: 710KB
Sample: 240616-bgn8fswhjr
MD5: 19ca200f76382d4e64ae151332824899
SHA1: bd35faf0493a2212aeec9110da7d6d5cea08b764
SHA256: f37c28f29f9ebba6ff413931a169d1e8979c1cf321ae4dc9521769b3c3bda4c4
SHA512: 22ae2011231d8d0f50b9bc92b1d80b6607e2ea4f1c7394d01830c3ac112d5acde42faabfc68002d43fe386c8439d0d4dccef1e7cc06e65de0d3aa6df5379fcfa
SSDEEP: 12288:l4svvlgD63kcwR4CsDnoJymXCRtgUJuyZ7+HT8Y+3EfjxHnhOIYtIexhAdrJVa/4:PSe3XwR4Cbk3RiaYHYY+3EdhZcxhI2J6
Static task: static1
Behavioral task: behavioral1
Sample: 88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573.exe
Resource: win7-20240220-en
Malware Config
Extracted:
  redline
  cheat
  45.137.22.68:55615
Targets
Target: 88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573.exe
Size: 809KB
MD5: 15f948da0e0786ee883bc9714ee6b47a
SHA1: 13d0747a12ce2783ac3a1d225d760cd5b2ed1aa1
SHA256: 88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573
SHA512: 006913022a08797087c1a47e89f1fba3beef5eb7f925631d507e841f361b56fe7dbefa1a1a60c0f5542742ad71c0b142ab5f4d280bfd9bc50bf5f7018c6bb31e
SSDEEP: 24576:aJr8tE+sQJRRGM3sU+7sdCGNcArcotgiko7ehxaFpmx9:aJ4LP1MsdV5c+g5OiaFM/
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext