General
-
Target
1.exeoibzrmxk
-
Size
4.5MB
-
Sample
220416-f5pw4sehh5
-
MD5
f556df38b1abf7c5ef71b6bc040bfe93
-
SHA1
64a174173f3e4c46b8db36fa04f076dca5a3aac7
-
SHA256
60c63fafcbcb2655d7806d9715f1755db205a975ddf68421967a39a2abcfb11a
-
SHA512
0a74598fb4b4b256555c0e4b8e7b654cc0fcb6a18c16f9da912eeea4b24d79f66776e3484200277ff9705032ef60afca97639df4a273cedb2729d6dd085b598b
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
104.244.76.137:4487
-
auth_value
67c42657a2dc51f3323efd90a04a2b03
Targets
-
-
Target
1.exeoibzrmxk
-
Size
4.5MB
-
MD5
f556df38b1abf7c5ef71b6bc040bfe93
-
SHA1
64a174173f3e4c46b8db36fa04f076dca5a3aac7
-
SHA256
60c63fafcbcb2655d7806d9715f1755db205a975ddf68421967a39a2abcfb11a
-
SHA512
0a74598fb4b4b256555c0e4b8e7b654cc0fcb6a18c16f9da912eeea4b24d79f66776e3484200277ff9705032ef60afca97639df4a273cedb2729d6dd085b598b
Score10/10-
PhoenixStealer
PhoenixStealer is an information stealer written in the C++, it sends the stolen information to cybercriminals.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-