General

Target: c565f71f426a913c738310198a01654ed930dd09
Size: 361KB
Sample: 230127-qb3afsbb66
MD5: 0d356ea4776618c8018b385e50720061
SHA1: c565f71f426a913c738310198a01654ed930dd09
SHA256: b4968767ee9f8c1ae309d7f8a8f4c9cff847a81d46d021608add9de06a4ba965
SHA512: 68a17800b2f2fefb5e5f28c2d1639989361f158c53dcc5e7c6ca49b61e7eabc1343b0e91ca8bdba1febfac33cc92ad84a6daf94acae9abf8470a722a91db7268
SSDEEP: 6144:/iN9Ozs7npw4ngtJ5kJ+w4UhclWqDzEgvDv8LGB3JBVvidaGExXAO+DzyM7+Hc:/iqzs7nNg35kJ+wJhcgqDzLbvBBxvxXw

Static task: static1

Behavioral task: behavioral1
Sample: c565f71f426a913c738310198a01654ed930dd09.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: c565f71f426a913c738310198a01654ed930dd09.exe
Resource: win10v2004-20221111-en

Malware Config

Extracted
Family: redline
Botnet: 1
C2: 107.182.129.73:21733
auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets

Target: c565f71f426a913c738310198a01654ed930dd09 (the same file as under General; size and hashes are identical)
Score: 10/10

Signatures

- Modifies security service
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext
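The report's indicators put to use, as an added example that is not part of the original sandbox report and not the sandbox vendor's own signature logic. It copies the file hashes and the extracted RedLine C2 socket and auth_value from the report, then runs a few heuristics modelled on the listed signatures over constructed Sysmon-style events: vbc.exe started outside a build context ("Uses the VBS compiler for execution"), a binary launched from a drop directory ("Executes dropped EXE"), sc/net stop or config ("Stops running service(s)", "Modifies security service"), and a connection to the C2 socket. The event schema, the allow-list of legitimate vbc.exe parents, the drop-directory list and the sample events are all assumptions made here, not facts from the report.

```python
"""Offline checks built from the indicators in the sandbox report above.

Added example, not part of the original report or of the sandbox vendor's own
rules. The hash, C2 and auth_value constants are copied from the report; the
event schema, the allow-lists and the sample events are constructed here.
"""
import hashlib
import ntpath

# Indicators copied from the report (SHA512 left out only to keep lines short).
REPORT_HASHES = {
    "md5": "0d356ea4776618c8018b385e50720061",
    "sha1": "c565f71f426a913c738310198a01654ed930dd09",
    "sha256": "b4968767ee9f8c1ae309d7f8a8f4c9cff847a81d46d021608add9de06a4ba965",
}
REPORT_CONFIG = {"c2": "107.182.129.73:21733",
                 "auth_value": "3a5bb0917495b4312d052a0b8977d2bb"}
C2_HOST, C2_PORT = REPORT_CONFIG["c2"].split(":")[0], int(REPORT_CONFIG["c2"].split(":")[1])

# Assumptions: parents that legitimately start the VB.NET compiler, and
# user-writable directories where a dropped payload typically lands.
VBC_LEGIT_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "csc.exe"}
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\")
SERVICE_TOOLS = {"sc.exe", "net.exe", "net1.exe"}


def hash_bytes(data: bytes) -> dict:
    """Compute the same three hashes the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matching_hash_types(data: bytes) -> list:
    """Hash algorithms under which `data` equals the reported sample."""
    computed = hash_bytes(data)
    return sorted(k for k, v in REPORT_HASHES.items() if computed[k] == v)


def config_overlap(other: dict) -> list:
    """Fields another extracted RedLine config shares with this one.

    auth_value is per build, so a shared value links samples to one operator
    even when the file hashes differ.
    """
    return sorted(k for k, v in REPORT_CONFIG.items() if other.get(k) == v)


def scan_events(events: list) -> list:
    """Heuristics mirroring the report's signatures, run over Sysmon-like records.

    Record shape (constructed): {'id', 'type': 'process'|'network', and either
    'image'/'parent'/'cmdline' or 'dst_ip'/'dst_port'}. Returns (rule, id) hits.
    """
    hits = []
    for ev in events:
        if ev["type"] == "network":
            if ev["dst_ip"] == C2_HOST and ev["dst_port"] == C2_PORT:
                hits.append(("redline_c2_socket", ev["id"]))
            continue
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev.get("parent", "")).lower()
        cmd = f" {ev.get('cmdline', '').lower()} "
        # "Uses the VBS compiler for execution": vbc.exe outside a build context.
        if image == "vbc.exe" and parent not in VBC_LEGIT_PARENTS:
            hits.append(("vbc_spawned_outside_build", ev["id"]))
        # "Executes dropped EXE": a binary launched from a user-writable path.
        if image.endswith(".exe") and any(d in ev["image"].lower() for d in DROP_DIRS):
            hits.append(("exe_run_from_drop_dir", ev["id"]))
        # "Stops running service(s)" / "Modifies security service".
        if image in SERVICE_TOOLS and (" stop " in cmd or " config " in cmd):
            hits.append(("service_stopped_or_reconfigured", ev["id"]))
    return hits


# Constructed sample telemetry; paths, names and the service are illustrative only.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "image": r"C:\Users\u\AppData\Local\Temp\dropped.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "dropped.exe"},
    {"id": 2, "type": "process",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Users\u\AppData\Local\Temp\dropped.exe", "cmdline": "vbc.exe"},
    {"id": 3, "type": "network", "dst_ip": "107.182.129.73", "dst_port": 21733},
    {"id": 4, "type": "process",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent": r"C:\Program Files\MSBuild\MSBuild.exe", "cmdline": "vbc.exe /t:library a.vb"},
    {"id": 5, "type": "process", "image": r"C:\Windows\System32\sc.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "sc stop SampleSvc"},
    {"id": 6, "type": "network", "dst_ip": "93.184.216.34", "dst_port": 443},
]

if __name__ == "__main__":
    for rule, event_id in scan_events(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```

Event 4 (vbc.exe under MSBuild) is there to show the allow-list working; on a real fleet the parent allow-list and drop-directory list need tuning to local build and installer activity. SSDEEP is not compared because that needs a third-party library; the SHA256 is the exact-match indicator, and the auth_value is the field to pivot on when hunting for other builds from the same operator.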