General
- Target: 00854e47bc6249cefca953ddc3f20f48
- Size: 1.4MB
- Sample: 221010-c3mgesacg9
- MD5: 00854e47bc6249cefca953ddc3f20f48
- SHA1: fbec3af2ab8c29e660c86ecbf5d1c0ca7a33163d
- SHA256: 981b59093b5e83b9956e1a191e763352ba8f270cc2e73fe1b0b172139469a1fa
- SHA512: 1ed70afc8d7b4cc4c12c1a6e7935363caf939b4621ed26397d03eac56d8ef572dda71f3760bd84ece02f9c06f8435c330cf5dad950b56ff4f789a9eafa1ae119
- SSDEEP: 24576:4avwvyzIdOjsYEYLKdIL6/MPDduwMFDbnquTyTUQZdBTSFSRaLSD:EyzIIe9NO9BTSFSRaeD
Static task: static1
Behavioral task: behavioral1
- Sample: 00854e47bc6249cefca953ddc3f20f48.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 00854e47bc6249cefca953ddc3f20f48.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- 62.204.41.141:24758
- auth_value: 083a5d0777f0c1ebc3781a4df2d7b0ba
Targets
- Target: 00854e47bc6249cefca953ddc3f20f48
- Size: 1.4MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext