General
- Target: PO-Order 4500324718.js
- Size: 13KB
- Sample: 220627-j5j8eahgfr
- MD5: 71c88f653261f87d9cd0a4063e6fc71c
- SHA1: 87df9ea6783c73a020ded64c0078803fb8cdeaec
- SHA256: 4359703f5e67ae4318436b3c536079925851fcec08178fec87a478a56bffa3a9
- SHA512: 7a1803a75d5bff4956ba332a2e5e2dbdf8aa798ab1839bd7d860f8cc65b048260e402e401d14618a66241c292c53fa39e70093d87ffcd2e33f32a85a4617fc88
Static task: static1
Behavioral task: behavioral1
- Sample: PO-Order 4500324718.js
- Resource: win7-20220414-en
Malware Config
- Extracted family: redline
- firstfile
- 103.153.79.195:24688
Targets
- Target: PO-Order 4500324718.js
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.