General
-
Target
b34526aa6b117d193c47b0e3a23d4145ab32bca9da64e5c1cf7ad74e1d37eae6
-
Size
310KB
-
Sample
220605-glgbasgeg9
-
MD5
0dafafddb4d1e562de61a3da899229a0
-
SHA1
eec5a759b066b0692a60e3cab4a66a2efd0a6f04
-
SHA256
b34526aa6b117d193c47b0e3a23d4145ab32bca9da64e5c1cf7ad74e1d37eae6
-
SHA512
db7e18317fe1f90c237cea9396d68224c9fa26e4303f5249fd58337abd71c0f7775afafff8f97d47c72e442660ba7ca88e94991ed29fd98d7748925314fc4775
Static task
static1
Behavioral task
behavioral1
Sample
b34526aa6b117d193c47b0e3a23d4145ab32bca9da64e5c1cf7ad74e1d37eae6.exe
Resource
win10-20220414-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Extracted
redline
mario10_05_50k
176.122.23.55:32478
-
auth_value
8a0f0d4d76987def30f88d91e2c0388d
Targets
-
-
Target
b34526aa6b117d193c47b0e3a23d4145ab32bca9da64e5c1cf7ad74e1d37eae6
-
Size
310KB
-
MD5
0dafafddb4d1e562de61a3da899229a0
-
SHA1
eec5a759b066b0692a60e3cab4a66a2efd0a6f04
-
SHA256
b34526aa6b117d193c47b0e3a23d4145ab32bca9da64e5c1cf7ad74e1d37eae6
-
SHA512
db7e18317fe1f90c237cea9396d68224c9fa26e4303f5249fd58337abd71c0f7775afafff8f97d47c72e442660ba7ca88e94991ed29fd98d7748925314fc4775
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
XMRig Miner Payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-