General
Target: 3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3
Size: 146KB
Sample: 221001-mhdnwsfha5
MD5: f882f6c0b8bd0ed1fda637d8f314d255
SHA1: 981f1105ccbbc303c400a006b851122dbca74241
SHA256: 3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3
SHA512: fbe43b35efa4fed01bcce9ce4475fcff22bebf1ac49a18d9d6b3581c95ce8ea16ee78c4d6b634b04a74fdf88a32726a393854ba467014064a7d35b7f2eb2d99c
SSDEEP: 3072:mdtX6r5bx/RnCa58nh0JlSI7FqdrCREk1:YqrJTCqfSiFqdrCOk1
Static task: static1

Malware Config
Extracted: redline
inslab26
185.182.194.25:8251
auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b

Extracted: asyncrat
0.5.7B
Default
sadcgvc.duckdns.org:6606
AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: 3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3
Size: 146KB
MD5: f882f6c0b8bd0ed1fda637d8f314d255
SHA1: 981f1105ccbbc303c400a006b851122dbca74241
SHA256: 3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3
SHA512: fbe43b35efa4fed01bcce9ce4475fcff22bebf1ac49a18d9d6b3581c95ce8ea16ee78c4d6b634b04a74fdf88a32726a393854ba467014064a7d35b7f2eb2d99c
SSDEEP: 3072:mdtX6r5bx/RnCa58nh0JlSI7FqdrCREk1:YqrJTCqfSiFqdrCOk1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext