General
- Target: c9da2adf58898fe1cdd9c8318347ad9f4f71c67e3426c3eeec365bccf5f53088
- Size: 234KB
- Sample: 210825-lgsgwd9fps
- MD5: be33a8818cc056d5f773c8d0d7367419
- SHA1: 9e8b10e0fa182ba77d5cd696ed7353cd6be82349
- SHA256: c9da2adf58898fe1cdd9c8318347ad9f4f71c67e3426c3eeec365bccf5f53088
- SHA512: 9205cb33ae340225c541db517721085e6ddf5281bafa60f3ddfbaaefc33423a2ea97adbf3a7d684ba59ca20e01224e726ad33cf1ce035070fbecb4515cd0d78f
- Static task: static1
- Behavioral task: behavioral1
- Sample: c9da2adf58898fe1cdd9c8318347ad9f4f71c67e3426c3eeec365bccf5f53088.exe
- Resource: win10v20210410
Malware Config
- Extracted: redline
- 3
- deyrolorme.xyz:80
- xariebelal.xyz:80
- anihelardd.xyz:80
Targets
- Target: c9da2adf58898fe1cdd9c8318347ad9f4f71c67e3426c3eeec365bccf5f53088
- Size: 234KB
- MD5: be33a8818cc056d5f773c8d0d7367419
- SHA1: 9e8b10e0fa182ba77d5cd696ed7353cd6be82349
- SHA256: c9da2adf58898fe1cdd9c8318347ad9f4f71c67e3426c3eeec365bccf5f53088
- SHA512: 9205cb33ae340225c541db517721085e6ddf5281bafa60f3ddfbaaefc33423a2ea97adbf3a7d684ba59ca20e01224e726ad33cf1ce035070fbecb4515cd0d78f
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext