General
- Target: 5B6110F5767ABA1D8F06BE7F854250E9.exe
- Size: 8.2MB
- Sample: 210505-xr9lrcmsjj
- MD5: 5b6110f5767aba1d8f06be7f854250e9
- SHA1: 31e9a270b849ce51ecdd274ae72c4be2490322fa
- SHA256: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14
- SHA512: c8fed779968482653c4b40c66692f796489b04f9d692ecb209a03c6470c27163adfa3cbf9cbfe3c963c6841a74499ee443882ed0dea9c2901f33a58c54c3683c
Static task: static1
Behavioral task: behavioral1
- Sample: 5B6110F5767ABA1D8F06BE7F854250E9.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 5B6110F5767ABA1D8F06BE7F854250E9.exe
- Resource: win10v20210408
Malware Config
Extracted
- Family: redline
- Botnet: eumix4
- C2: crownnest.cyou:80
Targets
- Target: 5B6110F5767ABA1D8F06BE7F854250E9.exe
- Size: 8.2MB
- MD5: 5b6110f5767aba1d8f06be7f854250e9
- SHA1: 31e9a270b849ce51ecdd274ae72c4be2490322fa
- SHA256: d5a6f4ae6a3c00252f1fe0a2aa69cc8327d722f6cf69388ad26f52428076fa14
- SHA512: c8fed779968482653c4b40c66692f796489b04f9d692ecb209a03c6470c27163adfa3cbf9cbfe3c963c6841a74499ee443882ed0dea9c2901f33a58c54c3683c
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Executes dropped EXE
- Modifies RDP port number used by Windows
- Modifies Windows Firewall
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext