General
Target: a6a62f2848be6b0d8cdb1372f5ed58d4.exe
Size: 7.0MB
Sample: 210505-yc46hm2skj
MD5: a6a62f2848be6b0d8cdb1372f5ed58d4
SHA1: 7d3d18501a0480e99a44a6b3cfa5a686cfe1930d
SHA256: 7c7cff0a48bcfe565fb02e3a39087ce2ad56d5b1c57b229f2d0142f41b7ab191
SHA512: b4b617aba40aa691194978ebb70865b32445e7bdc5966524c392600cf6392fe7cf491ebf6b4fd71fec87d1c4c1c2e58c147094dc61045560363b4a7026d0af52
Static task: static1
Behavioral task: behavioral1
  Sample: a6a62f2848be6b0d8cdb1372f5ed58d4.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: a6a62f2848be6b0d8cdb1372f5ed58d4.exe
  Resource: win10v20210410
Malware Config
Extracted: redline
  baskarservnew
  87.251.71.193:20119
Extracted: redline
  RUZKI
  Sthellete.xyz:80
Extracted: fickerstealer
  truzen.site:80
Targets
Target: a6a62f2848be6b0d8cdb1372f5ed58d4.exe
Size: 7.0MB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext