General

- Target: 6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe
- Size: 3.2MB
- Sample: 220122-2c4qfsddf8
- MD5: 7289c24e6e34cf7ed1d518152eb64eac
- SHA1: e7996ee499e594195cf25be007ba862c299d50ab
- SHA256: 6104f2b4049168fea236bb6a5b9a5194b878b61f87336eafb0fe5a5fab93144b
- SHA512: ad106693e527b52e3eae061145f0dbdba7b2704458b8685108ce28ad4cd71b631d9dcb913c370396903a8372677b840c37e4192a8c641ed0ae692cf59e4fb632
- Static task: static1
- Behavioral task: behavioral1
- Sample: 6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe
- Resource: win7-en-20211208
Malware Config

- Extracted: redline, media12, 91.121.67.60:2151
- Extracted: redline, ANI, 194.104.136.5:46013
- Extracted: redline, she, 135.181.129.119:4805
Targets

- Target: 6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext