General
- Target: 8a772d958134a2bd7d689795c721ffd43a29133f9f1076331778b6089977c7c9
- Size: 304KB
- Sample: 220523-hmnbnscab9
- MD5: 7010fcef8ef1d66b47d9b802d2f4052e
- SHA1: 5b53fc31864104deb55a57e93be3c4bd2829af1e
- SHA256: 8a772d958134a2bd7d689795c721ffd43a29133f9f1076331778b6089977c7c9
- SHA512: eebd654ae44cfa628458444986ea98eb62f74f77138fb32425cee7bed8ad77e307250a92d709aea7b604e37f24b594ad69266e4db491168a8df0f4c799a6f9cc
Static task
- static1

Malware Config
Extracted
- Family: redline
- C2: 141.95.140.173:33470
- auth_value: 6d9508e5573e656e0dc3c4c5f8526d8e
Targets
- Target: 8a772d958134a2bd7d689795c721ffd43a29133f9f1076331778b6089977c7c9 (size and hashes as listed under General above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext