General
- Target: 7ac72b34135c477ed3a76b034ca8c88e.exe
- Size: 1.7MB
- Sample: 220516-nnw8vsccdr
- MD5: 7ac72b34135c477ed3a76b034ca8c88e
- SHA1: 55d8f7350b4227c48b9693b0c96ea2db71ec2c66
- SHA256: b97ec7e0e3cb3922938a3ca6b41aa925f2347d4fe5fa16a09d00de770202b058
- SHA512: ba589d69c5dc59e04b631bfb9098ab500cec3432a62e33a7cdb1da705fed26a45de8e01728c8ba29b326c78fbb9f37e3b2ea9fd945288e2ad3f4348c940eed99
Static task: static1
Behavioral task: behavioral1
- Sample: 7ac72b34135c477ed3a76b034ca8c88e.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 7ac72b34135c477ed3a76b034ca8c88e.exe
- Resource: win10v2004-20220414-en
Malware Config (extracted)
- redline
- Ruzki 3k
- 194.87.71.5:12857
- auth_value: a48aca103247e146d387585961a62d1a
Targets
- Target: 7ac72b34135c477ed3a76b034ca8c88e.exe
- Size: 1.7MB
- MD5: 7ac72b34135c477ed3a76b034ca8c88e
- SHA1: 55d8f7350b4227c48b9693b0c96ea2db71ec2c66
- SHA256: b97ec7e0e3cb3922938a3ca6b41aa925f2347d4fe5fa16a09d00de770202b058
- SHA512: ba589d69c5dc59e04b631bfb9098ab500cec3432a62e33a7cdb1da705fed26a45de8e01728c8ba29b326c78fbb9f37e3b2ea9fd945288e2ad3f4348c940eed99
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext