General
-
Target
Loader.rar
-
Size
65KB
-
Sample
221107-hsnjmadbf8
-
MD5
587c269b3da8ecbfb2dd3d2be9082e9e
-
SHA1
902ddb2dfe24e22cbd0f76131dc1286660b0bbce
-
SHA256
989619acb386c9775390be42cbf64bc99123fcbf3b53c5a3af23747d2d427f5c
-
SHA512
4e2c3f736baf3c09660a7568f61d70d9310efbff17ba3efe406f7b7b86d7dd15f521e20a43a566cc288b1b58bfabdca865600c2c437c42e77ca3c761debaad75
-
SSDEEP
1536:Zq7jqOvmWE9i56xXlSFt4DOpQ2gemaAi9pHRylLp9zr4og:kNvvEW6xqDgeSERqp9M
Static task
static1
Behavioral task
behavioral1
Sample
C4Loader.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
-
auth_value
3a5bb0917495b4312d052a0b8977d2bb
Targets
-
-
Target
C4Loader.exe
-
Size
126KB
-
MD5
e755b7599fc8b631b954d2d80a3246cb
-
SHA1
0f557b0b356fc7b5462d252cccd19f93b2cc696a
-
SHA256
4b8e43a1cee980394eb2845ea6657b376746b84b52bbd3d2ea062cbdfb292d5d
-
SHA512
426bec87d3c521b99d34813d9953aa7eaebbbebc155056e3fe53f893c8fca7a9ee1c4657c192472c82323470388f1238a994ac6fb54ad3d7f2e42355229e2a7c
-
SSDEEP
3072:AWrLpduTeRflPTgZv6NV5GqZdPAxusJt6fgMvXM0jJ5Y7eyFNeVmlUOL18c:AUL4YpTV4mAxh6fDyFxL18c
-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-