General
Target: QueueBypass.exe
Size: 7.5MB
Sample: 210727-p5bfklx7be
MD5: 36420ae2ef8bc41c11ca7d5702bca7ea
SHA1: 6f18ac973b05e3ede68b876797577026ed8a86bd
SHA256: 438b26df4d4d0eef9ec19bccda633ac5298e489d5fef4b397a2724c80ab70ab5
SHA512: d22276c33d1dcc90c00e8f7cd97c659a59aeccff1d32c06fc68d4b5afc262e345a2ccb1b4a23e6319c1468532c1e0bf53e7ee82627d5296600e0a71840497498

Static task: static1

Behavioral task: behavioral1
Sample: QueueBypass.exe
Resource: win10v20210408

Malware Config
Extracted: redline
@OxPhOenix
3.68.106.170:59223

Targets
Target: QueueBypass.exe
Size: 7.5MB
MD5: 36420ae2ef8bc41c11ca7d5702bca7ea
SHA1: 6f18ac973b05e3ede68b876797577026ed8a86bd
SHA256: 438b26df4d4d0eef9ec19bccda633ac5298e489d5fef4b397a2724c80ab70ab5
SHA512: d22276c33d1dcc90c00e8f7cd97c659a59aeccff1d32c06fc68d4b5afc262e345a2ccb1b4a23e6319c1468532c1e0bf53e7ee82627d5296600e0a71840497498

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext