General
Target: C4Loader.exe
Size: 32KB
Sample: 221126-299yqscd56
MD5: 1b0e1de4fc8c200d3ea4509b9937ff01
SHA1: 2cd17bfc99d0675977ee0bbd0494ed2aaa96cb2a
SHA256: 7b70b9f9483656e7b8ce1981fefd6dfe77cfd0d89b0826eb2c1ebabbf7d23a18
SHA512: 59821ffa02b7876da06032e577dfea6cc6df133b19e2a9c2295e1f6011883e2c298f71b2a4c5f04ceca492a26a1e22bdf368f95747cf7fba0dc4e3916c8ef403
SSDEEP: 384:9vXX8GJ98MXVej4FsObOM7o/qo9VhvyCtCWdCMT42Ud0fz5WA9Snh9ZpR5ZsHLEt:RXX8GT8MXBb7oCIpwl2vz5WASnhza5c
Static task: static1
Behavioral task: behavioral1
Sample: C4Loader.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: C4Loader.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets
Target: C4Loader.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext