General
-
Target
C4Loader.exe
-
Size
451KB
-
Sample
221117-cskvvade45
-
MD5
cdbca9a8dd98f51b9a2ec30da4fd39c9
-
SHA1
69255689f3f6d28bdfa2dc950c1f92e92c73fbf6
-
SHA256
dbdae8b74ecf716b765098a448ca5a64b9b36230a0a1fbd43917daa6ddef4af9
-
SHA512
4b5f1e1709168725e393814de487e776450f38c994ff12bc203339901c5461b0615772a71db4f38d34924a1890231773fee40f059b34fc10c90b826846f6cf36
-
SSDEEP
6144:YhmemwrQ7Qmfsfiv9gMu7w1arWFiUA84PobE+1L9/Kk5KJuqpFeJHxc:YLVrQLsfQgMu7w1ayFiU9CIGpJuqpOC
Static task
static1
Behavioral task
behavioral1
Sample
C4Loader.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
C4Loader.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
-
auth_value
3a5bb0917495b4312d052a0b8977d2bb
Targets
-
-
Target
C4Loader.exe
-
Size
451KB
-
MD5
cdbca9a8dd98f51b9a2ec30da4fd39c9
-
SHA1
69255689f3f6d28bdfa2dc950c1f92e92c73fbf6
-
SHA256
dbdae8b74ecf716b765098a448ca5a64b9b36230a0a1fbd43917daa6ddef4af9
-
SHA512
4b5f1e1709168725e393814de487e776450f38c994ff12bc203339901c5461b0615772a71db4f38d34924a1890231773fee40f059b34fc10c90b826846f6cf36
-
SSDEEP
6144:YhmemwrQ7Qmfsfiv9gMu7w1arWFiUA84PobE+1L9/Kk5KJuqpFeJHxc:YLVrQLsfQgMu7w1ayFiU9CIGpJuqpOC
Score10/10-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-