General

- Target: 1d678410484e34165adb652f7e86a2b5cae5f58d
- Size: 361KB
- Sample: 230128-qjrtpaeh79
- MD5: 18852c1659b6641a1f4eeacf6ce6bb8d
- SHA1: 1d678410484e34165adb652f7e86a2b5cae5f58d
- SHA256: 34efda61716ff1db7297813317e194d4eaa74ae5209810ef6045aabab2af3179
- SHA512: 86295df5931e4673fc6579c1d6425040dbf44c6fbd5c19a35228f1c9f8d4917944c8ff020998d4504853398e7640664bf10c275835b1bfa7a236a073ed518b74
- SSDEEP: 6144:lUNamFD8LPUsNuwibRhinAoCRH+SXm+iMvOfcLpp0AdgqMGjEAOe75wBNEj+nc:lUFD8LPaw2RhinATReSXmPMvBBdqZBNU
Static task
- static1

Behavioral task
- behavioral1
- Sample: 1d678410484e34165adb652f7e86a2b5cae5f58d.exe
- Resource: win7-20220812-en

Behavioral task
- behavioral2
- Sample: 1d678410484e34165adb652f7e86a2b5cae5f58d.exe
- Resource: win10v2004-20221111-en
Malware Config

Extracted
- Family: redline
- Botnet: 1
- C2: 107.182.129.73:21733
- auth_value: 3a5bb0917495b4312d052a0b8977d2bb
Targets

- Target: 1d678410484e34165adb652f7e86a2b5cae5f58d
Score: 10/10

- Modifies security service
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
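The indicators in this report (file hashes, the extracted C2 endpoint, and the dropped-host, C2-connect and drivers-directory behaviours) can be turned into a quick triage check over endpoint telemetry. The Python below is an added example written for this page; it is not code from the sandbox vendor or from the report itself. It hard-codes the MD5/SHA1/SHA256 and the C2 107.182.129.73:21733 from the report. Everything else is an assumption: that the signature "Uses the VBS compiler for execution" refers to the .NET compiler vbc.exe being started as an injection host (a bare vbc.exe with no compile arguments under a non-build parent), and that events arrive in a Sysmon-style shape (EventID 1/3/11 with Image, ParentImage, CommandLine, DestinationIp, DestinationPort, TargetFilename). The sample events are constructed for illustration and were not taken from the sandbox run.

```python
import hashlib
import ntpath

# Indicators copied from the report on this page.
REPORT_HASHES = {
    "md5": "18852c1659b6641a1f4eeacf6ce6bb8d",
    "sha1": "1d678410484e34165adb652f7e86a2b5cae5f58d",
    "sha256": "34efda61716ff1db7297813317e194d4eaa74ae5209810ef6045aabab2af3179",
}
C2_IP = "107.182.129.73"
C2_PORT = 21733

# Assumption: build tools that legitimately launch vbc.exe with arguments.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe"}
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


def hash_bytes(data: bytes) -> dict:
    """Hash a file body with the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every listed hash of the body equals the reported value."""
    return hash_bytes(data) == REPORT_HASHES


def _field(event: dict, key: str) -> str:
    return str(event.get(key, "")).lower()


def find_redline_indicators(events) -> list:
    """Scan Sysmon-style event dicts for behaviours named in the report.

    Returns (rule_name, ProcessId) tuples in event order.
    """
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = _field(ev, "Image")
        pid = ev.get("ProcessId")
        if eid == 1 and ntpath.basename(image) == "vbc.exe":
            # Assumption: a real compile passes source or @response files, so a
            # command line that is nothing but the image path, launched by
            # something other than a build tool, is a process-hollowing host.
            cmd = _field(ev, "CommandLine").replace('"', "").strip()
            parent = ntpath.basename(_field(ev, "ParentImage"))
            if cmd == image and parent not in BUILD_PARENTS:
                findings.append(("vbc_without_args", pid))
        elif eid == 3:
            if _field(ev, "DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
                findings.append(("redline_c2", pid))
        elif eid == 11:
            # "Drops file in Drivers directory": a non-Windows binary writing under drivers\.
            target = _field(ev, "TargetFilename")
            if target.startswith(DRIVERS_DIR) and not image.startswith("c:\\windows\\"):
                findings.append(("drops_in_drivers_dir", pid))
    return findings


# Constructed events for illustration (not from the sandbox run).
SAMPLE_EXE = r"C:\Users\victim\AppData\Local\Temp\1d678410484e34165adb652f7e86a2b5cae5f58d.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": SAMPLE_EXE,
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": f'"{SAMPLE_EXE}"'},
    {"EventID": 1, "ProcessId": 4188, "Image": VBC,
     "ParentImage": SAMPLE_EXE, "CommandLine": f'"{VBC}"'},
    # Benign compile: has arguments and a build-tool parent, must not fire.
    {"EventID": 1, "ProcessId": 5000, "Image": VBC,
     "ParentImage": r"C:\Program Files\dotnet\MSBuild.exe",
     "CommandLine": f'"{VBC}" /noconfig @C:\\proj\\obj\\tmp.rsp'},
    {"EventID": 3, "ProcessId": 4188, "Image": VBC,
     "DestinationIp": "107.182.129.73", "DestinationPort": 21733},
    {"EventID": 3, "ProcessId": 1234, "Image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "DestinationIp": "142.250.80.46", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 4120, "Image": SAMPLE_EXE,
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
]


if __name__ == "__main__":
    for rule, pid in find_redline_indicators(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

The hash check compares all three digests at once so that a single-algorithm collision or a typo in one value cannot produce a false positive; the C2 rule is exact on IP and port because the report gives both, and a port-only or IP-only match should be triaged separately rather than merged into this rule.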