General
- Target: 6903e33821d3a689d41e5e45cfd1e9bbb08109b741fe199b030e7e2875d7fbe5
- Size: 1.8MB
- Sample: 220523-hfsmtafchk
- MD5: d836a3e33d4b12926305b2c06ffc64d2
- SHA1: 38960dd289e058379ed31ccc66ae9ad62eebe409
- SHA256: 6903e33821d3a689d41e5e45cfd1e9bbb08109b741fe199b030e7e2875d7fbe5
- SHA512: af4fc4608624e7f616bed02a08a05cc4bbb7d16094eac3b125601460bd0662f5bf7a0431e94cc41b0deebd84a22e8a64b85d39e7fc7cdf1aaafbc1e4d4d8f23c
Static task: static1
Behavioral task: behavioral1
- Sample: 6903e33821d3a689d41e5e45cfd1e9bbb08109b741fe199b030e7e2875d7fbe5.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 6903e33821d3a689d41e5e45cfd1e9bbb08109b741fe199b030e7e2875d7fbe5
- Size: 1.8MB
- MD5: d836a3e33d4b12926305b2c06ffc64d2
- SHA1: 38960dd289e058379ed31ccc66ae9ad62eebe409
- SHA256: 6903e33821d3a689d41e5e45cfd1e9bbb08109b741fe199b030e7e2875d7fbe5
- SHA512: af4fc4608624e7f616bed02a08a05cc4bbb7d16094eac3b125601460bd0662f5bf7a0431e94cc41b0deebd84a22e8a64b85d39e7fc7cdf1aaafbc1e4d4d8f23c
- Score: 10/10
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext