General
-
Target
C4Loader.exe
-
Size
451KB
-
Sample
221116-rgqdhsbf72
-
MD5
6ebfb1bc4aef4886d38fbb5170371b58
-
SHA1
084b3f0910c3fcf8a4cfeed2428ff786b94f3759
-
SHA256
dcdf6845df1e1aed6f335dd6f2a3ff7351984522235937e5c4a1c746c7fe4371
-
SHA512
c041161a616de51ebe98e01c93e710ccf177a52f998376808b56e6e624c40729377298335fde0092b2472af3acd8e9b417701f23c4afc24053e837f17346300a
-
SSDEEP
6144:aO6T/AiMhIbmjE1RrkHDS83avj7hPBV8MvqndNrhuCJm/rGlnrxZOc:cT/yIKjE1RrkHDS83aHTehuCJwGlnXJ
Static task
static1
Behavioral task
behavioral1
Sample
C4Loader.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
C4Loader.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
-
auth_value
3a5bb0917495b4312d052a0b8977d2bb
Targets
-
-
Target
C4Loader.exe
-
Size
451KB
-
MD5
6ebfb1bc4aef4886d38fbb5170371b58
-
SHA1
084b3f0910c3fcf8a4cfeed2428ff786b94f3759
-
SHA256
dcdf6845df1e1aed6f335dd6f2a3ff7351984522235937e5c4a1c746c7fe4371
-
SHA512
c041161a616de51ebe98e01c93e710ccf177a52f998376808b56e6e624c40729377298335fde0092b2472af3acd8e9b417701f23c4afc24053e837f17346300a
-
SSDEEP
6144:aO6T/AiMhIbmjE1RrkHDS83avj7hPBV8MvqndNrhuCJm/rGlnrxZOc:cT/yIKjE1RrkHDS83aHTehuCJwGlnXJ
-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-