General
Target: QUOTE .js
Size: 17KB
Sample: 220624-kkwalsbbcq
MD5: d6b787f507ee09398e2011a56d184699
SHA1: d34ad5be20b28078dff0e74a6deadb8198b79503
SHA256: ee23aac95e9bf15da275f635fe526a244290b84b92217fc99706dca802693f72
SHA512: fc74b69ee7f1de5b7bb386885e37836d7ea783f47ad1cb1515f2a5c56aa4320c48882cd7fffe522aee22e454a8ec7646d655738d9d2b94c2cc47487a8c617c35
Static task: static1
Behavioral task: behavioral1
Sample: QUOTE .js
Resource: win7-20220414-en
Malware Config
Extracted
Family: redline
Botnet: bigcash
C2: 45.137.22.137:37747
Targets
Target: QUOTE .js
Size: 17KB
MD5: d6b787f507ee09398e2011a56d184699
SHA1: d34ad5be20b28078dff0e74a6deadb8198b79503
SHA256: ee23aac95e9bf15da275f635fe526a244290b84b92217fc99706dca802693f72
SHA512: fc74b69ee7f1de5b7bb386885e37836d7ea783f47ad1cb1515f2a5c56aa4320c48882cd7fffe522aee22e454a8ec7646d655738d9d2b94c2cc47487a8c617c35
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
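The behavioural signatures above are the sandbox's view of the chain: the script host fetches a PE, drops and runs it, and the payload then fingerprints the machine, persists, and reaches the C2 from the extracted config. The following is an added example, not tria.ge's own matching code, that replays a constructed and deliberately simplified sandbox trace and maps each event onto those signatures. The trace schema, the `Geo\Nation`, `Uninstall` and `Run` registry paths used as match criteria, the list of script hosts, the wallet-file patterns, and every file path in the trace are assumptions chosen for illustration; only the C2 address and port come from the report.

```python
"""Added example (not tria.ge code): map a constructed sandbox trace onto the
behavioural signatures listed in the report.  Registry paths, script-host
list, wallet patterns and all file paths are assumptions."""
import re
from collections import defaultdict
from ntpath import basename

# From the report's extracted RedLine config.
C2_HOST, C2_PORT = "45.137.22.137", 37747

# Script hosts that should not normally fetch executables (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Match criteria for the registry/file signatures (assumed, lower-cased).
GEO_KEY = "\\control panel\\international\\geo\\nation"   # geofence lookup
UNINSTALL_KEY = "\\currentversion\\uninstall\\"           # installed software
RUN_KEY = "\\currentversion\\run\\"                        # Run-key persistence
STARTUP_DIR = "\\start menu\\programs\\startup\\"          # startup folder drop
WALLET_RE = re.compile(r"wallet\.dat$|\\(electrum|exodus|atomic)\\", re.I)

# Constructed trace (paths invented): wscript.exe runs the .js, fetches a PE,
# drops and runs it; the payload then does what the report lists.
TRACE = [
    {"op": "process",   "image": r"C:\Windows\System32\wscript.exe"},
    {"op": "connect",   "image": r"C:\Windows\System32\wscript.exe", "ip": "203.0.113.10", "port": 80},
    {"op": "filewrite", "image": r"C:\Windows\System32\wscript.exe", "path": r"C:\Users\u\AppData\Local\Temp\a.exe", "head": b"MZ\x90\x00"},
    {"op": "process",   "image": r"C:\Users\u\AppData\Local\Temp\a.exe"},
    {"op": "regquery",  "image": r"C:\Users\u\AppData\Local\Temp\a.exe", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "regquery",  "image": r"C:\Users\u\AppData\Local\Temp\a.exe", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"op": "regset",    "image": r"C:\Users\u\AppData\Local\Temp\a.exe", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\a"},
    {"op": "filewrite", "image": r"C:\Users\u\AppData\Local\Temp\a.exe", "path": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a.lnk", "head": b"L\x00\x00\x00"},
    {"op": "fileread",  "image": r"C:\Users\u\AppData\Local\Temp\a.exe", "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"op": "connect",   "image": r"C:\Users\u\AppData\Local\Temp\a.exe", "ip": C2_HOST, "port": C2_PORT},
]


def triage(trace):
    """Return {signature name: [indices of events that fired it]}."""
    hits = defaultdict(list)
    networked = set()   # images that have made a network request so far
    dropped = set()     # PE paths written by a process in this trace
    for i, ev in enumerate(trace):
        op, image = ev["op"], ev["image"].lower()
        if op == "connect":
            networked.add(image)
            if basename(image) in SCRIPT_HOSTS:
                hits["Blocklisted process makes network request"].append(i)
            if (ev["ip"], ev["port"]) == (C2_HOST, C2_PORT):
                hits["Connects to RedLine C2 from extracted config"].append(i)
        elif op == "filewrite":
            path = ev["path"].lower()
            # A PE written by a process that has already talked to the network
            # is treated as a download rather than a local copy.
            if ev.get("head", b"").startswith(b"MZ") and image in networked:
                hits["Downloads MZ/PE file"].append(i)
                dropped.add(path)
            if STARTUP_DIR in path:
                hits["Drops startup file"].append(i)
        elif op == "process":
            if image in dropped:
                hits["Executes dropped EXE"].append(i)
        elif op == "regquery":
            key = ev["key"].lower()
            if key.endswith(GEO_KEY):
                hits["Checks computer location settings"].append(i)
            if UNINSTALL_KEY in key:
                hits["Checks installed software on the system"].append(i)
        elif op == "regset":
            if RUN_KEY in ev["key"].lower():
                hits["Adds Run key to start application"].append(i)
        elif op == "fileread":
            if WALLET_RE.search(ev["path"]):
                hits["Accesses cryptocurrency files/wallets"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for sig, idx in triage(TRACE).items():
        print(f"{sig:<48} events {idx}")
```

The ordering matters for two of the rules: "Downloads MZ/PE file" only fires for a writer that has already made a network request, and "Executes dropped EXE" only fires for an image this trace saw being written, which is what distinguishes a staged payload from an already-present binary when reading a report like this one.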