General
Target: 7010fcef8ef1d66b47d9b802d2f4052e
Size: 304KB
Sample: 220523-hfpadsbhh9
MD5: 7010fcef8ef1d66b47d9b802d2f4052e
SHA1: 5b53fc31864104deb55a57e93be3c4bd2829af1e
SHA256: 8a772d958134a2bd7d689795c721ffd43a29133f9f1076331778b6089977c7c9
SHA512: eebd654ae44cfa628458444986ea98eb62f74f77138fb32425cee7bed8ad77e307250a92d709aea7b604e37f24b594ad69266e4db491168a8df0f4c799a6f9cc
Static task: static1
Behavioral task: behavioral1
  Sample: 7010fcef8ef1d66b47d9b802d2f4052e.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 7010fcef8ef1d66b47d9b802d2f4052e.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 7010fcef8ef1d66b47d9b802d2f4052e
Size: 304KB
MD5: 7010fcef8ef1d66b47d9b802d2f4052e
SHA1: 5b53fc31864104deb55a57e93be3c4bd2829af1e
SHA256: 8a772d958134a2bd7d689795c721ffd43a29133f9f1076331778b6089977c7c9
SHA512: eebd654ae44cfa628458444986ea98eb62f74f77138fb32425cee7bed8ad77e307250a92d709aea7b604e37f24b594ad69266e4db491168a8df0f4c799a6f9cc
Score: 10/10
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
XMRig Miner Payload
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext