General
-
Target
e8d945d2105bad763f3b1dc30f2b6142.exe
-
Size
395KB
-
Sample
210824-2x2jg94ame
-
MD5
e8d945d2105bad763f3b1dc30f2b6142
-
SHA1
4602b1216d9e6961f2398618bc525f54b45fa4c5
-
SHA256
29175495787385b647e6982e1743e0d928e278b44554662100f53a26a4d97907
-
SHA512
ae2ab2af1e798b33806e24b614382b4ebd98eb1f19d3731290a4f3463c15abb1847a8f442507d7b55c6cb2fa9e79732fb34dc313f5d9689ac15434d9d5858568
Static task
static1
Behavioral task
behavioral1
Sample
e8d945d2105bad763f3b1dc30f2b6142.exe
Resource
win7v20210410
Malware Config
Extracted
xloader
2.3
ec33
http://www.chaturvedi.fyi/ec33/
ride-hard.net
westindiesofficial.com
technewcomer.com
anwen.ink
smarthumanresource.com
aspenhillgetaway.com
westinventures.com
sercomp.pro
fitwoop.com
advertisingviews.site
stinato.com
kidsfundshoes.com
xaufuture.com
emaildesktophelp.com
hey-events.com
v-j9.com
eurekabox.net
export-rice.net
arcadems.com
thejackparker.com
paikewatch.com
genetics-nutrition.com
promoterconnect.com
shanghaihousechelmsford.com
csatec.com
michelevandykedc.com
guytongeorgiahomes.com
streetindo.com
webhost.directory
tohilldentistrysomerset.com
rocketcompaniessucks.net
stuconnect-app.com
outfitideas.today
xlht114.com
skandlstal.com
gonzalezpartyrentals.com
sabaigame.com
findthebestpricecar.com
amberandtomyoutube.com
ecopylesos.online
fineenclave.com
lbm120.com
x2emails.xyz
southernsidesolar.com
apptopshop.com
emilyreynoldsdesign.com
saraheve.com
356892.com
apsservicos.com
watertowerguy.com
streampee.com
dealndesign.com
cleanasbest.com
504cares.com
aaaemploymentagency.com
xtodosmexico.com
century21guyana.com
oisinreynolds.com
itsrightreview.com
affinitychin.guru
riderswall.com
investolog.com
lwwtrtwcf.icu
9968-info.com
Extracted
redline
3
deyrolorme.xyz:80
xariebelal.xyz:80
anihelardd.xyz:80
Targets
-
-
Target
e8d945d2105bad763f3b1dc30f2b6142.exe
-
Size
395KB
-
MD5
e8d945d2105bad763f3b1dc30f2b6142
-
SHA1
4602b1216d9e6961f2398618bc525f54b45fa4c5
-
SHA256
29175495787385b647e6982e1743e0d928e278b44554662100f53a26a4d97907
-
SHA512
ae2ab2af1e798b33806e24b614382b4ebd98eb1f19d3731290a4f3463c15abb1847a8f442507d7b55c6cb2fa9e79732fb34dc313f5d9689ac15434d9d5858568
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
XMRig Miner Payload
-
Xloader Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-