General
-
Target
d58258f9f6972729808031118cf33714a2fad1a64c34cc1693640b1a74bed3af
-
Size
359KB
-
Sample
220709-p8vq7secgk
-
MD5
df63834591c08e86c68c68a04c4a0f90
-
SHA1
48743959f09b1f081c14c35db9d4ca0f847f3a92
-
SHA256
d58258f9f6972729808031118cf33714a2fad1a64c34cc1693640b1a74bed3af
-
SHA512
be06a12d9b8ed77c08aad3227576e40d9511f9c257734bfb70b6ee1fa9fa636ade9ff5e3735e2b755d0ef1ad43908c70f1b15a073d64b5986b0e1456a3113571
Static task
static1
Behavioral task
behavioral1
Sample
d58258f9f6972729808031118cf33714a2fad1a64c34cc1693640b1a74bed3af.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family
redline
Botnet
1
C2
38.17.53.140:30686
Attributes
-
auth_value
7d4c8895c781964b1dd3b37efbb922d8
Extracted
Family
redline
C2
193.233.193.49:11906
Attributes
-
auth_value
ad5cd49e075db8527ecb265d0bf18710
Extracted
Family
redline
Botnet
1399237859
C2
37.235.54.26:8362
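The extracted C2 endpoints and the sample hashes are the actionable indicators in this report. The block below is an added example, not part of the Triage report and not RedLine's own code: it carries those indicators, emits one local Suricata rule per C2 endpoint, and matches the indicators against a few constructed key=value telemetry lines. The log format, the host names, and the benign address 203.0.113.10 are assumptions made for illustration.

```python
import re

# Indicators copied from the report: extracted RedLine C2 endpoints (with the
# auth_value token where one was recovered) and the analysed sample's hashes.
REDLINE_C2 = {
    ("38.17.53.140", 30686): "7d4c8895c781964b1dd3b37efbb922d8",
    ("193.233.193.49", 11906): "ad5cd49e075db8527ecb265d0bf18710",
    ("37.235.54.26", 8362): None,  # no auth_value extracted for this config
}
C2_IPS = {ip for ip, _ in REDLINE_C2}
SAMPLE_HASHES = {
    "df63834591c08e86c68c68a04c4a0f90",                                  # MD5
    "48743959f09b1f081c14c35db9d4ca0f847f3a92",                          # SHA1
    "d58258f9f6972729808031118cf33714a2fad1a64c34cc1693640b1a74bed3af",  # SHA256
}


def suricata_rules(base_sid=1000001):
    """One Suricata rule per extracted C2 endpoint, using local sids (>= 1000000)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(REDLINE_C2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"LOCAL MALWARE RedLine Stealer C2 {ip}:{port}"; '
            f"flow:to_server,established; classtype:trojan-activity; "
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed telemetry format (assumption, not a vendor schema): key=value pairs,
# values containing spaces are double-quoted.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse a key=value telemetry line into a dict, stripping value quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def scan_log(lines):
    """Return (host, match_kind, indicator) for every line that hits an indicator.

    A connection to an extracted ip:port pair is a high-confidence C2 hit.  The
    same IP on another port is reported separately, at lower confidence, so the
    port mismatch is visible to the analyst instead of silently dropped.  A hash
    hit marks a copy of the analysed sample on disk.
    """
    hits = []
    for line in lines:
        ev = parse_line(line)
        host = ev.get("host", "?")
        dst, dport = ev.get("dst"), ev.get("dport")
        if dst and dport and (dst, int(dport)) in REDLINE_C2:
            hits.append((host, "c2_endpoint", f"{dst}:{dport}"))
        elif dst in C2_IPS:
            hits.append((host, "c2_ip_other_port", f"{dst}:{dport}"))
        for key in ("md5", "sha1", "sha256"):
            if ev.get(key, "").lower() in SAMPLE_HASHES:
                hits.append((host, "known_sample", ev[key].lower()))
    return hits


# Constructed sample telemetry for the demonstration (not from the report).
SAMPLE_TELEMETRY = [
    "2022-07-09T12:00:01Z host=WS01 event=NetworkConnect image=C:\\Users\\u\\Downloads\\setup.exe dst=38.17.53.140 dport=30686 proto=tcp",
    '2022-07-09T12:00:02Z host=WS01 event=NetworkConnect image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" dst=203.0.113.10 dport=443 proto=tcp',
    "2022-07-09T12:00:03Z host=WS02 event=NetworkConnect image=C:\\Windows\\Temp\\a.exe dst=37.235.54.26 dport=8362 proto=tcp",
    "2022-07-09T12:00:04Z host=WS02 event=FileCreate image=C:\\Windows\\Temp\\a.exe sha256=D58258F9F6972729808031118CF33714A2FAD1A64C34CC1693640B1A74BED3AF",
    "2022-07-09T12:00:05Z host=WS03 event=NetworkConnect image=C:\\Users\\u\\AppData\\Roaming\\x.exe dst=193.233.193.49 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for rule in suricata_rules():
        print(rule)
    for hit in scan_log(SAMPLE_TELEMETRY):
        print(hit)
```

The auth_value tokens are kept alongside the endpoints only for correlation with other reports that extract the same config; they are not used for matching here. The WS03 line shows the lower-confidence case: an extracted C2 address contacted on a port the report did not list.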
Targets
-
Target
d58258f9f6972729808031118cf33714a2fad1a64c34cc1693640b1a74bed3af
-
Size
359KB
-
MD5
df63834591c08e86c68c68a04c4a0f90
-
SHA1
48743959f09b1f081c14c35db9d4ca0f847f3a92
-
SHA256
d58258f9f6972729808031118cf33714a2fad1a64c34cc1693640b1a74bed3af
-
SHA512
be06a12d9b8ed77c08aad3227576e40d9511f9c257734bfb70b6ee1fa9fa636ade9ff5e3735e2b755d0ef1ad43908c70f1b15a073d64b5986b0e1456a3113571
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-