General
- Target: 4f7a427579f50779ecf321f86e06fc29
- Size: 304KB
- Sample: 220523-ha7vjsbhg4
- MD5: 4f7a427579f50779ecf321f86e06fc29
- SHA1: 1d4133535b7ba2e52871ba3d84a6d03d89ea59ce
- SHA256: 32dbd23da3165e24cca4714f1b822d02f7056fb7bf21e687ae5506109f223b3f
- SHA512: 2ee1dd0860f666a1f98255044f93de8147bcb1b6757da78cd4d93cdd281525a393a6d5914731a36b4d64a4080472688e9ecbc51e2c1fe9cd799c67a84f1ab402
Static task: static1
Behavioral task: behavioral1
- Sample: 4f7a427579f50779ecf321f86e06fc29.exe
- Resource: win7-20220414-en
Malware Config
Extracted: redline
- 141.95.140.173:33470
- auth_value: ccdf86c63434db56ca19a6af104c916b
Targets
- Target: 4f7a427579f50779ecf321f86e06fc29 (304KB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext