General
Target: 94d9ec71d765987b11a7f3bbc5ab0c09fd607e74fe3a9d9abc2c1b53b40a0744
Size: 308KB
Sample: 220905-lfggbsefbq
MD5: 42dcd9d15f8fd922b5c5b786d2129c40
SHA1: 41e1cc3bff7af58708ea7512be6b308bfcee939f
SHA256: 94d9ec71d765987b11a7f3bbc5ab0c09fd607e74fe3a9d9abc2c1b53b40a0744
SHA512: 0a4ceec9b78c9052e437602f9786d7120d9746284995d4dbc95ee450439744ffb1633fe7ed527e923be3be9712861a6dd4c3e91ee886738969344ef6fcdeb0c4
SSDEEP: 6144:tFVE4WG2I57ymtZxIGHi/oDYlcOIzgNlfig5OfYlqkp:lZ2y7ymzOu+hNln8k
Static task: static1
Behavioral task: behavioral1
Sample: 94d9ec71d765987b11a7f3bbc5ab0c09fd607e74fe3a9d9abc2c1b53b40a0744.exe
Resource: win10-20220812-en
Malware Config
Extracted (redline)
- mettop1
- xoralessh.xyz:80
- auth_value: a8206072062ec5262484a012d246646b
Extracted (redline)
- Lyllkal.05.09
- 185.215.113.216:21921
- auth_value: 2df530f82cb4bd0f6bef5527a1d5de70
Targets
Target: 94d9ec71d765987b11a7f3bbc5ab0c09fd607e74fe3a9d9abc2c1b53b40a0744
Size: 308KB
MD5: 42dcd9d15f8fd922b5c5b786d2129c40
SHA1: 41e1cc3bff7af58708ea7512be6b308bfcee939f
SHA256: 94d9ec71d765987b11a7f3bbc5ab0c09fd607e74fe3a9d9abc2c1b53b40a0744
SHA512: 0a4ceec9b78c9052e437602f9786d7120d9746284995d4dbc95ee450439744ffb1633fe7ed527e923be3be9712861a6dd4c3e91ee886738969344ef6fcdeb0c4
SSDEEP: 6144:tFVE4WG2I57ymtZxIGHi/oDYlcOIzgNlfig5OfYlqkp:lZ2y7ymzOu+hNln8k
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext