General
-
Target
3b6724f0782fb7defaad3f17b96a80cae307d230
-
Size
361KB
-
Sample
230127-p9rqyaba69
-
MD5
5ad8cef52f1794c265593cba1ea16791
-
SHA1
3b6724f0782fb7defaad3f17b96a80cae307d230
-
SHA256
47db42f2fea21e2ed1d3957a40e3c3617083483d27c2ec540492a1d6623884f5
-
SHA512
b2482be6f58298395710aac1ea159054e95b6e052de604a1901939f7125b5c3aa7eee964d3225d8d6dd7677cf38a5fcd2699365cc7b5534bc8ff70b3ba845999
-
SSDEEP
6144:HOVW5gGzs7XbM+eg9m+UIuAQjXQ680zRQvPvijCL8LJuxrP8YAOm7hMb+Xc:uVWJzs7XAgs+UIuA6Xv80zunvfLXAMbD
Static task
static1
Behavioral task
behavioral1
Sample
3b6724f0782fb7defaad3f17b96a80cae307d230.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3b6724f0782fb7defaad3f17b96a80cae307d230.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
1
107.182.129.73:21733
-
auth_value
3a5bb0917495b4312d052a0b8977d2bb
Targets
-
-
Target
3b6724f0782fb7defaad3f17b96a80cae307d230
-
Size
361KB
-
MD5
5ad8cef52f1794c265593cba1ea16791
-
SHA1
3b6724f0782fb7defaad3f17b96a80cae307d230
-
SHA256
47db42f2fea21e2ed1d3957a40e3c3617083483d27c2ec540492a1d6623884f5
-
SHA512
b2482be6f58298395710aac1ea159054e95b6e052de604a1901939f7125b5c3aa7eee964d3225d8d6dd7677cf38a5fcd2699365cc7b5534bc8ff70b3ba845999
-
SSDEEP
6144:HOVW5gGzs7XbM+eg9m+UIuAQjXQ680zRQvPvijCL8LJuxrP8YAOm7hMb+Xc:uVWJzs7XAgs+UIuA6Xv80zunvfLXAMbD
Score10/10-
Modifies security service
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Stops running service(s)
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-