General
-
Target
C4Loader.exe
-
Size
126KB
-
Sample
221107-kh6cssafcl
-
MD5
e755b7599fc8b631b954d2d80a3246cb
-
SHA1
0f557b0b356fc7b5462d252cccd19f93b2cc696a
-
SHA256
4b8e43a1cee980394eb2845ea6657b376746b84b52bbd3d2ea062cbdfb292d5d
-
SHA512
426bec87d3c521b99d34813d9953aa7eaebbbebc155056e3fe53f893c8fca7a9ee1c4657c192472c82323470388f1238a994ac6fb54ad3d7f2e42355229e2a7c
-
SSDEEP
3072:AWrLpduTeRflPTgZv6NV5GqZdPAxusJt6fgMvXM0jJ5Y7eyFNeVmlUOL18c:AUL4YpTV4mAxh6fDyFxL18c
Static task
static1
Behavioral task
behavioral1
Sample
C4Loader.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
C4Loader.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
-
auth_value
3a5bb0917495b4312d052a0b8977d2bb
Targets
-
-
Target
C4Loader.exe
-
Size
126KB
-
MD5
e755b7599fc8b631b954d2d80a3246cb
-
SHA1
0f557b0b356fc7b5462d252cccd19f93b2cc696a
-
SHA256
4b8e43a1cee980394eb2845ea6657b376746b84b52bbd3d2ea062cbdfb292d5d
-
SHA512
426bec87d3c521b99d34813d9953aa7eaebbbebc155056e3fe53f893c8fca7a9ee1c4657c192472c82323470388f1238a994ac6fb54ad3d7f2e42355229e2a7c
-
SSDEEP
3072:AWrLpduTeRflPTgZv6NV5GqZdPAxusJt6fgMvXM0jJ5Y7eyFNeVmlUOL18c:AUL4YpTV4mAxh6fDyFxL18c
Score10/10-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-