General
Target: C4Loader.exe
Size: 495KB
Sample: 221116-kb7x2sdf8y
MD5: 6ad201444bc392451ffdde0ac9c6249d
SHA1: 789bf76655e304bc52698de43c553e902a494e1e
SHA256: 01ee39dcccaa4c07c5f561e68557c3bf316809c82f156a99d03a5ed55e510e96
SHA512: c0c75b5476abf61f3986f54a2151e76632ad9ce7fcb844acbc9d19e47aa92397c4208bf62a85d2578b2991e8cb591c023a3c8550aa59f1ba401ff69b82fb8ad8
SSDEEP: 12288:65z183Z0RwnuD9VHG5m6b+5rPuAaX5nKr3:sG0qm6orY5nM
Static task: static1
Behavioral task: behavioral1
  Sample: C4Loader.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: C4Loader.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
1
107.182.129.73:21733
auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets
Target: C4Loader.exe
Size: 495KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext