General
- Target: GloryHack.exe
- Size: 857KB
- Sample: 211205-t1y6wafea3
- MD5: f5ca907b9390037f5ee5106abdc71927
- SHA1: 91471f2d090e8858d2945faeffa17af57b8b2eaa
- SHA256: 565b1484478b1644bd1e8954e079f653b8f71c9f16997d4b7fc53f83da609e35
- SHA512: 27d3ad7f40c8ee6983e09e23b858feedcf7cc6170e549f3394f05789ba6c00e547e43d68d3994c47410fde995417771086a7fcf48ee581d41e50970e62858a9f
Static task: static1
Behavioral task: behavioral1
- Sample: GloryHack.exe
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: GloryHack.exe
- Resource: win10-en-20211014
Malware Config
Extracted: redline
185.215.113.57:50723
Targets
- Target: GloryHack.exe
- Size: 857KB
- MD5: f5ca907b9390037f5ee5106abdc71927
- SHA1: 91471f2d090e8858d2945faeffa17af57b8b2eaa
- SHA256: 565b1484478b1644bd1e8954e079f653b8f71c9f16997d4b7fc53f83da609e35
- SHA512: 27d3ad7f40c8ee6983e09e23b858feedcf7cc6170e549f3394f05789ba6c00e547e43d68d3994c47410fde995417771086a7fcf48ee581d41e50970e62858a9f
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext