General
Target: df34772d9dface6ac5f9b42d436c8d17d86c1fb918c595cdc4bcb6a3cac329eb
Size: 35KB
Sample: 230105-x6tecsda52
MD5: 418f539b6c8b4978d973b373845fb78d
SHA1: cc1330a736b9d4ef45952ad5a36d3a84cae7d68a
SHA256: df34772d9dface6ac5f9b42d436c8d17d86c1fb918c595cdc4bcb6a3cac329eb
SHA512: f94961e5a2cfa66054066990329ff98aae4625c827bd3f60d038b6c9f96f64468a7327247be2ab75568a66f8186890fbf5f296449bf690c2eb17594d7c19cdee
SSDEEP: 768:10Wv/hC8aODVBEj7dSDAy4r/wOPpdwMNhghy0q9:100U8aODVcQ4kmTghy0w
Static task: static1
Behavioral task: behavioral1
Sample: df34772d9dface6ac5f9b42d436c8d17d86c1fb918c595cdc4bcb6a3cac329eb.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted: http://62.204.41.194/go.png
Extracted: http://62.204.41.194/me.png
Extracted: http://62.204.41.194/F1.exe
Extracted: redline
$
31.41.244.135:19850
auth_value: 66623f79e2af33286760f5dd6c4262dc
Targets
Target: df34772d9dface6ac5f9b42d436c8d17d86c1fb918c595cdc4bcb6a3cac329eb
Size: 35KB
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- XMRig Miner payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext