General
-
Target
F37840944A4FB524B17D6F9C8EF20CE4.fil
-
Size
4.9MB
-
Sample
220729-xpv7madabk
-
MD5
f37840944a4fb524b17d6f9c8ef20ce4
-
SHA1
d1269e6ed28e04d4e977ca35ba8264191aa1a9c3
-
SHA256
bdd0e54346507ed5f33f4ef7f1261ce899764c64ec7eb0b2d722e509fc3b7b3a
-
SHA512
7cb39fb8e22c126e8132a75bab82297bd9176839546060a686f6540bab7405bcb4671dd41e5a2903e2d45894c0a111866a3fa95287cce4d175c627b0e9b7ca0c
Static task
static1
Behavioral task
behavioral1
Sample
F37840944A4FB524B17D6F9C8EF20CE4.exe
Resource
win7-20220715-en
Malware Config
Extracted
redline
allsup
193.150.103.38:18410
-
auth_value
e46711734d1a10599f62ed229e676578
Extracted
redline
top1
pemararslava.xyz:80
-
auth_value
e3ff30d1ffe0ffdb11211b351a0179a1
Extracted
redline
Lyla29.07
185.215.113.216:21921
-
auth_value
ce5605b2c036c2c3b7bdfb23dcf5f5a2
Targets
-
-
Target
F37840944A4FB524B17D6F9C8EF20CE4.fil
-
Size
4.9MB
-
MD5
f37840944a4fb524b17d6f9c8ef20ce4
-
SHA1
d1269e6ed28e04d4e977ca35ba8264191aa1a9c3
-
SHA256
bdd0e54346507ed5f33f4ef7f1261ce899764c64ec7eb0b2d722e509fc3b7b3a
-
SHA512
7cb39fb8e22c126e8132a75bab82297bd9176839546060a686f6540bab7405bcb4671dd41e5a2903e2d45894c0a111866a3fa95287cce4d175c627b0e9b7ca0c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-