General
- Target: install.exe
- Size: 355KB
- Sample: 211014-zzfk2abaen
- MD5: fef580216c9fc6f662f11ad6c8dbd7eb
- SHA1: 37a18d20313a05c987e9c2081994c6365c17624d
- SHA256: cc005ad9ad8411fda8398597954ce4f4210c978367f996e05ce01bba2833986c
- SHA512: 1280a3daf15ee604de3a8b80399436b64dcd8a61e8fdd7ce769792ce19a2889c7b56d4ff08bdac3955e0a0f691c4465d144a83e0fb47358ad9891f55f9948e3f
Static task: static1
Behavioral task: behavioral1
Sample: install.exe
Resource: win7-en-20210920
Malware Config
Extracted
redline
@noilase
92.119.113.189:21746
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext