General
-
Target
e9bbb9bb25aefef75633526f2c9b2be7e22a028c
-
Size
357KB
-
Sample
230117-x7acwaeb78
-
MD5
421b9e53b27a7c5ec2e1ec5f7bfdc4b6
-
SHA1
e9bbb9bb25aefef75633526f2c9b2be7e22a028c
-
SHA256
cb53dda7d6fa34b382e5588a59e12f7aa38e3aa8922b6aa67b3b3b4e7441f61a
-
SHA512
a89eb2e7e2373ba50b5f2524b21baf26eb5d79038600e1ec00dcf5ae1137a09b51189832c3120a229523b9986a8619173e4e2e7e12e701d4291a7a7282d70fa7
-
SSDEEP
6144:Pw41IucFA1vajiCrlSec+lOeyHpUnAgGt6Lc9bir5pAOH5oOIc:Y41IuhvajiCZSecI3yHmo4lt/
Static task
static1
Behavioral task
behavioral1
Sample
e9bbb9bb25aefef75633526f2c9b2be7e22a028c.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e9bbb9bb25aefef75633526f2c9b2be7e22a028c.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
-
auth_value
3a5bb0917495b4312d052a0b8977d2bb
Targets
-
-
Target
e9bbb9bb25aefef75633526f2c9b2be7e22a028c
-
Size
357KB
-
MD5
421b9e53b27a7c5ec2e1ec5f7bfdc4b6
-
SHA1
e9bbb9bb25aefef75633526f2c9b2be7e22a028c
-
SHA256
cb53dda7d6fa34b382e5588a59e12f7aa38e3aa8922b6aa67b3b3b4e7441f61a
-
SHA512
a89eb2e7e2373ba50b5f2524b21baf26eb5d79038600e1ec00dcf5ae1137a09b51189832c3120a229523b9986a8619173e4e2e7e12e701d4291a7a7282d70fa7
-
SSDEEP
6144:Pw41IucFA1vajiCrlSec+lOeyHpUnAgGt6Lc9bir5pAOH5oOIc:Y41IuhvajiCZSecI3yHmo4lt/
Score10/10-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-