General
Target: 55007e5a5bb57dbd7c9c4137cb452ef7cef8c40d268eeac4de7f40e49e8b9e25
Size: 35KB
Sample: 230105-kd9jnabd63
MD5: 481b0735ab411bdb1a96ad9e8543124a
SHA1: a4346eaeb23abc1bcb239dbbb25d71cfb6758fdd
SHA256: 55007e5a5bb57dbd7c9c4137cb452ef7cef8c40d268eeac4de7f40e49e8b9e25
SHA512: 931205de82bc7d40fb099998c133c09fbc58afa480f334f2c4cb5ccbf05c35cd1b7031e9e99e3bb61a54433c4af42cd763f65e639b5359efc5568dab23e04132
SSDEEP: 768:wBwq4czQCBbp6jqEJgqPy4r/wOPpdwMNhghy0q9:wBwruQC1sn64kmTghy0o
Static task: static1
Behavioral task: behavioral1
Sample: 55007e5a5bb57dbd7c9c4137cb452ef7cef8c40d268eeac4de7f40e49e8b9e25.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted URLs (second-stage downloads observed at runtime):
http://62.204.41.194/go.png
http://62.204.41.194/F1.exe
http://62.204.41.194/me.png
Extracted family: redline
Botnet: $
C2: 31.41.244.135:19850
auth_value: 66623f79e2af33286760f5dd6c4262dc
Targets
Target: 55007e5a5bb57dbd7c9c4137cb452ef7cef8c40d268eeac4de7f40e49e8b9e25
Size: 35KB
MD5: 481b0735ab411bdb1a96ad9e8543124a
SHA1: a4346eaeb23abc1bcb239dbbb25d71cfb6758fdd
SHA256: 55007e5a5bb57dbd7c9c4137cb452ef7cef8c40d268eeac4de7f40e49e8b9e25
SHA512: 931205de82bc7d40fb099998c133c09fbc58afa480f334f2c4cb5ccbf05c35cd1b7031e9e99e3bb61a54433c4af42cd763f65e639b5359efc5568dab23e04132
SSDEEP: 768:wBwq4czQCBbp6jqEJgqPy4r/wOPpdwMNhghy0q9:wBwruQC1sn64kmTghy0o
Score: 10/10
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies, autofill data and cryptocurrency wallet files and sends them to its C2 (here 31.41.244.135:19850, as in the extracted config above).
XMRig Miner payload: a Monero miner is delivered alongside the stealer; the report does not say which of the three downloaded files carries it.
Blocklisted process makes network request
Downloads MZ/PE file: judge the bodies fetched from the URLs above by their MZ header, not by the file extension; the .png names are not evidence of image content.
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application: persistence through a ...\Microsoft\Windows\CurrentVersion\Run value, so the sample survives a reboot.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. On its own this is benign; it matters because it precedes the C2 check-in.
Suspicious use of SetThreadContext: setting the thread context of another process is the pattern used to hollow a suspended child process and redirect it into injected code, which is how the dropped payloads are commonly started.
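To turn the extracted indicators and the behavioural signatures on this page into something a responder can run against their own telemetry, here is an added Python example (it is not the sandbox's code). It hard-codes the URLs, C2 and hashes from the report, encodes the Run-key, external-IP-lookup, MZ-download and cross-process SetThreadContext behaviours as rules, and runs them over constructed events; the event schema, the list of IP-lookup hosts and the verdict thresholds are assumptions.

```python
"""Triage helper matching the indicators and behaviours from this report
against constructed endpoint/network telemetry.

Added example; this is not the sandbox's own code.  The event field names,
the IP-lookup host list and the verdict thresholds are assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Atomic indicators taken from the report above.
IOC_URLS = {
    "http://62.204.41.194/go.png",
    "http://62.204.41.194/F1.exe",
    "http://62.204.41.194/me.png",
}
IOC_C2 = {("31.41.244.135", 19850)}  # RedLine C2 from the extracted config
IOC_HASHES = {
    "481b0735ab411bdb1a96ad9e8543124a",                                   # MD5
    "a4346eaeb23abc1bcb239dbbb25d71cfb6758fdd",                           # SHA1
    "55007e5a5bb57dbd7c9c4137cb452ef7cef8c40d268eeac4de7f40e49e8b9e25",   # SHA256
}

# Assumed list of public "what is my IP" services; the report names none.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "ifconfig.me", "checkip.amazonaws.com"}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def norm_url(url: str) -> str:
    """Lower-case scheme and host, drop the query, keep the path case as-is."""
    p = urlsplit(url)
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}"


def match_event(ev: dict) -> list:
    """Apply IOC and behavioural rules to one event; several rules may fire."""
    out = []
    t = ev.get("type")
    if t == "http":
        url = norm_url(ev["url"])
        if url in IOC_URLS:
            out.append(Finding("known_url", url))
        if urlsplit(url).hostname in IP_LOOKUP_HOSTS:
            out.append(Finding("external_ip_lookup", url))
        # "Downloads MZ/PE file": judge the body, not the extension (.png here).
        if ev.get("body_prefix", b"").startswith(b"MZ"):
            out.append(Finding("downloads_pe", url))
    elif t == "connect":
        if (ev["dst"], ev["port"]) in IOC_C2:
            out.append(Finding("known_c2", f'{ev["dst"]}:{ev["port"]}'))
    elif t == "file":
        for h in ("md5", "sha1", "sha256"):
            if ev.get(h, "").lower() in IOC_HASHES:
                out.append(Finding("known_hash", ev["path"]))
                break
    elif t == "reg_set":
        if RUN_KEY_RE.search(ev["key"]):
            out.append(Finding("run_key_persistence", f'{ev["key"]} = {ev["data"]}'))
    elif t == "api":
        # SetThreadContext on a thread of *another* process is the hollowing pattern;
        # a process adjusting its own threads is common and not flagged.
        if ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            out.append(Finding("setthreadcontext_cross_process",
                               f'{ev["pid"]} -> {ev["target_pid"]}'))
    return out


def triage(events: list) -> dict:
    """Return the distinct rules fired plus a coarse verdict (thresholds assumed)."""
    findings = [f for ev in events for f in match_event(ev)]
    rules = sorted({f.rule for f in findings})
    atomic = {"known_url", "known_c2", "known_hash"}
    behavioural = set(rules) - atomic
    if any(r in atomic for r in rules):
        verdict = "malicious"       # an indicator from the report matched outright
    elif len(behavioural) >= 2:
        verdict = "suspicious"      # chained behaviours, no known indicator
    else:
        verdict = "clean"
    return {"verdict": verdict, "rules": rules, "findings": findings}


# Constructed telemetry (not from the report) mimicking the reported behaviour.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\Users\u\Downloads\invoice.exe",
     "sha256": "55007E5A5BB57DBD7C9C4137CB452EF7CEF8C40D268EEAC4DE7F40E49E8B9E25"},
    {"type": "http", "url": "HTTP://62.204.41.194/go.png", "body_prefix": b"MZ\x90\x00"},
    {"type": "http", "url": "http://62.204.41.194/F1.exe", "body_prefix": b"MZ\x90\x00"},
    {"type": "http", "url": "https://api.ipify.org/?format=json", "body_prefix": b"{"},
    {"type": "connect", "dst": "31.41.244.135", "port": 19850},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\F1",
     "data": r"C:\Users\u\AppData\Roaming\F1.exe"},
    {"type": "api", "api": "SetThreadContext", "pid": 4120, "target_pid": 4388},
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print(result["verdict"], result["rules"])
```

The hash and URL comparisons are normalised (case-insensitive hashes and hosts, case-preserving paths) because telemetry rarely matches a report byte for byte; the behavioural rules are deliberately kept separate from the atomic ones so that a host showing the same chain with a rebuilt payload and a new C2 still surfaces as suspicious.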