General
- Target: tmp
- Size: 362KB
- Sample: 221008-qhsplaehdk
- MD5: 93e3876597af0c16c1e32424dd9ff212
- SHA1: df69ca158ef451a2cf3b32f10409b48cfc57fa7e
- SHA256: 7119b7e8e9554d59cc39b1323e50de7acb2ecabd1ad10c52d78d88c6a70e1a21
- SHA512: 56e1ad4bb0698859b49c4788ce5a9e2fcf43b871c8a8cff06e304fda4c5d6d96adbefde7608448e77ed25348f08b1a6d9cbbc6219672681881d4835329c51c58
- SSDEEP: 6144:N1JXpXvwqOiGmmaf7PFF/uwjJIptiYsL9vmB/SKzAniKzSwrwdMKKnGBBGBBBBb4:N1JXpXvw8F/uwjJsiZ9OVSZniKOwwMKf
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: tmp.exe, Resource: win7-20220812-en)
- Behavioral task: behavioral2 (Sample: tmp.exe, Resource: win10v2004-20220901-en)
Malware Config
- Extracted family: redline
- C2: 62.204.41.141:24758
- auth_value: 5feee36b1b0118b3c26960ddcc22794d
Targets
- Target: tmp
- Size: 362KB
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext