General
Target: QRT.rar
Size: 563KB
Sample: 210724-7jm1w8h5ce
MD5: 23904d4c873b3ea5563baf68231dbbdf
SHA1: 93e1c51b401f82d82b59fc27c197a4f39453f470
SHA256: e763077db1f7c1fd044500b89fb1470f841c688f3a6a91a983e4ed32b41cd1da
SHA512: b8675231a27c2c43610b3aea7366b140623bf87a169e7ad6a5cd6608e3f163331034a77aefa570316550c82e3dc28c963882374c092df6925b93b419884f4fb7

Static task: static1

Behavioral tasks
behavioral1: Sample QRT/Engine.js, Resource win7v20210408
behavioral2: Sample QRT/Engine.js, Resource win10v20210408
behavioral3: Sample QRT/Run.exe, Resource win7v20210410
behavioral4: Sample QRT/Run.exe, Resource win10v20210410
behavioral5: Sample QRT/xNet.dll, Resource win7v20210408
behavioral6: Sample QRT/xNet.dll, Resource win10v20210410
Malware Config
Extracted
Family: redline
Botnet: king
C2: 95.217.123.66:5143
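The extracted config above is the most directly actionable part of the report. As an added example (not part of the sandbox report, and not code from the RedLine operators or the sandbox vendor), the Python below validates the C2 literal, emits a Suricata rule for outbound connections to it, and searches connection records for that exact destination. The rule sid, the simplified Zeek-like record layout and the log contents are assumptions constructed for the example.

```python
"""Turn the extracted RedLine config into checkable network IOCs (added example)."""
import ipaddress

# Values taken from the report's "Malware Config / Extracted" block.
FAMILY = "redline"
BOTNET = "king"
C2 = "95.217.123.66:5143"


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 literal and validate both halves.

    Raises ValueError for a missing or out-of-range port, or for a host that
    is not an IP literal, so a malformed config value fails loudly instead
    of silently producing a rule that never matches.
    """
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 value {c2!r}")
    port_n = int(port)
    if not 1 <= port_n <= 65535:
        raise ValueError(f"port out of range in {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError if host is not an IP address
    return host, port_n


def suricata_rule(c2: str, family: str, botnet: str, sid: int = 9000001) -> str:
    """Emit a Suricata rule for outbound TCP traffic to the C2 (sid is an assumption)."""
    host, port = parse_c2(c2)
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"{family} C2 traffic (botnet {botnet})"; flow:to_server; '
        f"sid:{sid}; rev:1;)"
    )


# Constructed connection records (not from the report) in a simplified
# Zeek-like layout: ts  src_ip  dst_ip  dst_port  proto
SAMPLE_CONN_LOG = """\
#fields ts src dst dport proto
1626987601.1 10.0.0.15 142.250.74.46 443 tcp
1626987602.4 10.0.0.15 95.217.123.66 5143 tcp
1626987603.9 10.0.0.22 95.217.123.66 443 tcp
1626987604.2 10.0.0.15 8.8.8.8 53 udp
"""


def find_c2_connections(log_text: str, c2: str) -> list[tuple[str, str]]:
    """Return (ts, src) for every record whose destination is exactly the C2 host:port."""
    host, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip header/comment lines and blanks
        ts, src, dst, dport, _proto = line.split()
        if dst == host and int(dport) == port:
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    print(suricata_rule(C2, FAMILY, BOTNET))
    for ts, src in find_c2_connections(SAMPLE_CONN_LOG, C2):
        print(f"{ts}: {src} contacted {C2}")
```

The match is deliberately strict on both host and port: the third constructed record goes to the same host on 443 and is not reported. Whether to widen that to host-only (the same server may serve several ports or campaigns) is an analyst's call; the C2 port here comes straight from the extracted config, so the strict form is the defensible default.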
Targets

Target: QRT/Engine.js
Size: 870KB
MD5: 62ef5e3b94fef67f046b99b587fe013e
SHA1: 5f36e3fb609a35f405ade92982b7205111dabc63
SHA256: 125949ad84b6dff236614a3ef542f2a814b1024385fa9f9d64eb2403fd4b26fc
SHA512: 06654013becdf9e20479bf3140bc57b1dce5ef5d1512749b61539318be00fc384cbb80f0aa3e69b8d9f3fe4cc0e4c08f7504fde6d654b0bc0c2086349cf934fb
Score: 1/10

Target: QRT/Run.exe
Size: 335KB
MD5: 773a73b58db42b4a9a401c7e1be205da
SHA1: bde374101e34185608e6c5845494e22144c6954c
SHA256: ce2ff7b57590b7da15183e8906a59c5cc94c786b44b6248c7dbe50dfceb917f2
SHA512: d91999dbdf130b9d44bc2cb0e577974381c288217e49cb062817d7cd22c83e35482d5464f0537652ef44ef4638c509bc566c540893b0383a637e931e043d505e
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (a primitive commonly used for process injection and hollowing)

Target: QRT/xNet.dll
Size: 2.9MB
MD5: 0a56659cff9731c30ce87968cac0ef23
SHA1: 4fdef03ec3da0a74ec89e369df486035a4995c6d
SHA256: ac5f7131a15c02620676ff6dc89ba6485bbe88aadd244d297586b438ce13c811
SHA512: 6653a3b51518ec0c611ca8fa639d49747dd8cd03622358f10f48c82b41b6dad840047ed72a09a74ecf94e2ddd5e813bbe76cbdc916d3e5a65d63f816e00f3039
Score: 1/10