General
- Target: b01ed16a4e4195769783ad5af1c3dd3bc276afcd
- Size: 196KB
- Sample: 230105-bb3tnaac82
- MD5: 4d533edeafd113f95f0ed6c30fdfe67b
- SHA1: b01ed16a4e4195769783ad5af1c3dd3bc276afcd
- SHA256: 98a5aa5ff640d1b187331ff3d919e7f1b81a7fc8086c7264969793cf4db94b80
- SHA512: ff9163e706716ec682265d573ee6fc0572774b8564199271e5cb78edf22c1c51d8a64e6a43050e50c76670a3d84edd73ef38f6046210f2a2b8ae2c4b527888bc
- SSDEEP: 6144:/8G/5MLxQJJP3wHUf1MNxAOx64zrq5TQc:kGRMLqwSEjJq5r
Static task
- static1

Behavioral task
- behavioral1
- Sample: b01ed16a4e4195769783ad5af1c3dd3bc276afcd.exe
- Resource: win7-20220901-en

Behavioral task
- behavioral2
- Sample: b01ed16a4e4195769783ad5af1c3dd3bc276afcd.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- redline
- 1
- 107.182.129.73:21733
- auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets
- Target: b01ed16a4e4195769783ad5af1c3dd3bc276afcd
- Size: 196KB
- MD5: 4d533edeafd113f95f0ed6c30fdfe67b
- SHA1: b01ed16a4e4195769783ad5af1c3dd3bc276afcd
- SHA256: 98a5aa5ff640d1b187331ff3d919e7f1b81a7fc8086c7264969793cf4db94b80
- SHA512: ff9163e706716ec682265d573ee6fc0572774b8564199271e5cb78edf22c1c51d8a64e6a43050e50c76670a3d84edd73ef38f6046210f2a2b8ae2c4b527888bc
- SSDEEP: 6144:/8G/5MLxQJJP3wHUf1MNxAOx64zrq5TQc:kGRMLqwSEjJq5r
- Score: 10/10
- Modifies security service
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext