General

Target: dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614
Size: 465KB
Sample: 211119-r56qeaafdj
MD5: 53e31cda31669abf73419e9840c7ba25
SHA1: cdb6af34c648a5c229a8f82e5f1960ef98446818
SHA256: dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614
SHA512: d6972f2c3d2e9104c35337ad173f74ce1aaaac95ecabade0d9031a8bf5b6a8d27a7978b355cc5d931da08cc99b3f1e42f1abd7a0232c1c4bbd4f9371a2e51a47
Static task: static1
Malware Config

Two RedLine configurations were extracted from the sample, pointing at two different C2 endpoints:

Extracted (redline):
  C2: jaromawanave.xyz:80

Extracted (redline):
  xxluchxx1 (shown without a label on the page; in RedLine configs this free-text field is the botnet/campaign tag)
  C2: 212.86.102.63:62907

Both endpoints are worth blocking and hunting on, with the caveat that RedLine C2 hosts and ports rotate between builds, so an IP:port from this run is a short-lived indicator compared with the behaviours listed below.
Targets

Target: dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614 (465KB; same file as in General above, MD5/SHA1/SHA256/SHA512 listed there)
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload: a coin-miner payload is present alongside the stealer, so an infection from this sample has two distinct outcomes to triage (credential and wallet theft, and CPU abuse).
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system. RedLine collects this list as part of its host fingerprint; installers and inventory agents read the same key, so on its own this is context for an alert, not an alert.
- Drops file in System32 directory: a write into System32 by a process launched from a user profile is a strong signal in its own right and pairs naturally with "Executes dropped EXE" above.
- Suspicious use of SetThreadContext: this API is the usual tell for process hollowing or thread hijacking, where a suspended process or thread has its execution context redirected into injected code.
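The following is an added example, not part of the sandbox report and not RedLine's or the sandbox's own code. It turns the two extracted C2 endpoints from the Malware Config section and the behavioural signatures above (software enumeration via the Uninstall key, a drop into System32, execution of the dropped file) into a small triage script: it re-computes the report's digests for a local copy of the sample and runs detection rules over a stream of endpoint events. The event format is a constructed, vendor-neutral JSON shape with a "type" field; the field names and the sample events (including the file names in them) are assumptions made for the example and must be mapped onto whatever EDR or Sysmon telemetry you actually have.

```python
"""Triage helpers built from the indicators on this page (added example).

Constructed, vendor-neutral event shape: one JSON object per line with a
"type" field; map the field names to your own EDR/Sysmon telemetry.
"""
import hashlib
import json
import re

# Digests of the sample exactly as the report lists them.
REPORT_HASHES = {
    "md5": "53e31cda31669abf73419e9840c7ba25",
    "sha1": "cdb6af34c648a5c229a8f82e5f1960ef98446818",
    "sha256": "dcc378bb0a279a1bdb4ba39d6cc54aadab09a162aa2dfbc58b1d7da63db56614",
}

# C2 endpoints from the two extracted RedLine configs.
C2_HOSTS = {"jaromawanave.xyz"}
C2_SOCKETS = {("212.86.102.63", 62907)}

# Registry path behind the "Checks installed software" signature
# (both the native and the WOW6432Node view).
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def match_event(ev: dict) -> list:
    """Stateless rules: return the names of every rule this one event trips."""
    hits = []
    kind = ev.get("type")
    if kind == "dns" and ev.get("query", "").lower().rstrip(".") in C2_HOSTS:
        hits.append("redline_c2_dns")
    if kind == "network" and (ev.get("dst_ip"), ev.get("dst_port")) in C2_SOCKETS:
        hits.append("redline_c2_connect")
    if kind == "registry" and UNINSTALL_KEY.search(ev.get("key", "")):
        # Noisy on its own: installers and inventory agents read this key too.
        hits.append("software_enumeration")
    if (kind == "file_create" and SYSTEM32.match(ev.get("path", ""))
            and not ev.get("image", "").lower().startswith("c:\\windows\\")):
        hits.append("system32_drop_by_user_process")
    return hits


def scan(events: list) -> list:
    """Run the rules over an event stream and correlate 'drop' with 'execute'.

    Returns (event_index, rule_name) pairs in stream order.
    """
    dropped = set()   # .exe paths created so far, lower-cased
    alerts = []
    for i, ev in enumerate(events):
        hits = match_event(ev)
        if ev.get("type") == "file_create" and ev.get("path", "").lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        if ev.get("type") == "process_create" and ev.get("image", "").lower() in dropped:
            hits.append("executes_dropped_exe")
        alerts.extend((i, h) for h in hits)
    return alerts


def parse_log(text: str) -> list:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample telemetry (not from the sandbox run); the file names are invented.
SAMPLE_LOG = r"""
{"type": "process_create", "image": "C:\\Users\\u\\Downloads\\setup.exe", "parent_image": "C:\\Windows\\explorer.exe"}
{"type": "dns", "image": "C:\\Users\\u\\Downloads\\setup.exe", "query": "jaromawanave.xyz"}
{"type": "network", "image": "C:\\Users\\u\\Downloads\\setup.exe", "dst_ip": "212.86.102.63", "dst_port": 62907}
{"type": "registry", "image": "C:\\Users\\u\\Downloads\\setup.exe", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"}
{"type": "file_create", "image": "C:\\Users\\u\\Downloads\\setup.exe", "path": "C:\\Windows\\System32\\upd_helper.exe"}
{"type": "process_create", "image": "C:\\Windows\\System32\\upd_helper.exe", "parent_image": "C:\\Users\\u\\Downloads\\setup.exe"}
{"type": "network", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "dst_ip": "93.184.216.34", "dst_port": 443}
"""

if __name__ == "__main__":
    for idx, rule in scan(parse_log(SAMPLE_LOG)):
        print(f"event {idx}: {rule}")
```

The C2 rules are exact-match indicators and will age quickly; the registry, System32 and drop-then-execute rules describe the behaviour and keep working after the infrastructure changes. Treat "software_enumeration" as enrichment only, and score the drop-then-execute correlation highest: a user-profile process writing an executable into System32 and then launching it is rarely legitimate.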