General
Target: LauncherHack.exe
Size: 871KB
Sample: 211026-gxlp6ahgcl
MD5: 73cd1c631d2b16bad553f6544b3ca81b
SHA1: 49a8bdd9c4077d760d725c6e6aac4c7bc108409d
SHA256: 76e52695140cea67ab0a37de1c2b89353df8b64dc43522f02ddf28abe72b21c7
SHA512: 0454b82299ce5b519b07123b8bc5a9dc96c928d4756925f8f3b82db6d6dda44513379d438318021978863bacecf7a2794a41151ef1ab44a4c388c282e7cbbb49
Static task: static1
Behavioral task: behavioral1
Sample: LauncherHack.exe
Resource: win7-en-20210920

Malware Config
Extracted: redline
B16M1VAS
188.34.176.164:80
Targets
Target: LauncherHack.exe
Size: 871KB
MD5: 73cd1c631d2b16bad553f6544b3ca81b
SHA1: 49a8bdd9c4077d760d725c6e6aac4c7bc108409d
SHA256: 76e52695140cea67ab0a37de1c2b89353df8b64dc43522f02ddf28abe72b21c7
SHA512: 0454b82299ce5b519b07123b8bc5a9dc96c928d4756925f8f3b82db6d6dda44513379d438318021978863bacecf7a2794a41151ef1ab44a4c388c282e7cbbb49
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
XMRig Miner Payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Drops file in System32 directory

Suspicious use of SetThreadContext