General
- Target: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14.exe
- Size: 8.2MB
- Sample: 210505-s1r3kyf766
- MD5: 5b6110f5767aba1d8f06be7f854250e9
- SHA1: 31e9a270b849ce51ecdd274ae72c4be2490322fa
- SHA256: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14
- SHA512: c8fed779968482653c4b40c66692f796489b04f9d692ecb209a03c6470c27163adfa3cbf9cbfe3c963c6841a74499ee443882ed0dea9c2901f33a58c54c3683c
Static task: static1
Behavioral task: behavioral1
- Sample: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14.exe
- Resource: win7v20210410

Malware Config
Extracted
- Family: redline
- Botnet: eumix4
- C2: crownnest.cyou:80
Targets
- Target: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14.exe
- Size: 8.2MB
- MD5: 5b6110f5767aba1d8f06be7f854250e9
- SHA1: 31e9a270b849ce51ecdd274ae72c4be2490322fa
- SHA256: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14
- SHA512: c8fed779968482653c4b40c66692f796489b04f9d692ecb209a03c6470c27163adfa3cbf9cbfe3c963c6841a74499ee443882ed0dea9c2901f33a58c54c3683c
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Executes dropped EXE
- Modifies RDP port number used by Windows
- Modifies Windows Firewall
- Sets DLL path for service in the registry
- Loads dropped DLL
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of SetThreadContext