General
Target: C4Loader.exe
Size: 2.2MB
Sample: 220607-xvglesdgel
MD5: 5e0b3c359fcc36dfa50f09642e628fd3
SHA1: 88ca1402ca389c6fe41e13da53b27722f9dea253
SHA256: 95a32c06589042c29fc2879bc7e55866664628a0bf1a5180ec92f9b4c52c01cb
SHA512: eaca6ef4448550d83b63ea4ca2f7c5817a23515e5f74d61eb0e79eafe9c0450d16854054dac2d777a16b19065d4e7d6aa47661715ca05c8646d7c8f63c795545
Static task: static1
Behavioral task: behavioral1
  Sample: C4Loader.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: C4Loader.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
new1
194.87.186.140:46703
auth_value: 1f11240703f5c67f15da5cf49122762c
Targets
Target: C4Loader.exe
- Modifies security service
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
- Stops running service(s)
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext