General
-
Target
139cc34636ab02bf773ab0145179cba6f33fda2252fc619d804591337837d1e7
-
Size
104KB
-
Sample
230511-vnmsraba4t
-
MD5
c3cffaf487d48cb29845ef2f916ecd69
-
SHA1
d34904c39de3dd0d26c55562d39c118880b693e2
-
SHA256
139cc34636ab02bf773ab0145179cba6f33fda2252fc619d804591337837d1e7
-
SHA512
2b71177952e5fcd508e9980388044ec3a5961aafc3dd8ead8dfc9085157005bb1d0a45805f55dd1c806956ad7bf9bd723bf114d443271defb915720aec3b1b9c
-
SSDEEP
3072:Tf5nj1wIvdSDMvNcNIObQsqrbsgntYQqh+E:TfZj3F1v4bObpntYQqh+
Static task
static1
Behavioral task
behavioral1
Sample
139cc34636ab02bf773ab0145179cba6f33fda2252fc619d804591337837d1e7.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
http://62.204.41.23/r.png
Extracted
http://62.204.41.23/file.png
Extracted
http://62.204.41.23/o.png
Extracted
redline
[ PRO ]
185.161.248.16:26885
-
auth_value
b4958da54d1cdd9d9b28330afda1cc3c
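The config block above is what an analyst actually consumes from this report, so here is an added example (not code from the sandbox or from the sample) that turns it into structured indicators and adds the check behind the "Downloads MZ/PE file" behaviour: the three `.png` URLs are treated as download stages, and a fetched body is tested for a PE image rather than trusted by its file extension. The `REPORT_CONFIG` string is a copy of the lines shown on this page; the PNG and PE byte buffers are constructed test inputs; reading `[ PRO ]` as the botnet tag is an assumption about the report layout.

```python
"""
Added example, not part of the sandbox report: parse the extracted config
into IOCs and check whether a downloaded payload is really a PE file.
"""
import re
import struct
from urllib.parse import urlparse

# Constructed copy of the "Malware Config" block as it appears in the report.
REPORT_CONFIG = """
Extracted
http://62.204.41.23/r.png
Extracted
http://62.204.41.23/file.png
Extracted
http://62.204.41.23/o.png
Extracted
redline
[ PRO ]
185.161.248.16:26885
-
auth_value
b4958da54d1cdd9d9b28330afda1cc3c
"""

URL_RE = re.compile(r"^https?://\S+$")
SOCKET_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
BOTNET_RE = re.compile(r"^\[\s*(.*?)\s*\]$")


def parse_config(text):
    """Return a dict of IOCs: download URLs, C2 sockets, family, botnet, auth_value."""
    iocs = {"urls": [], "c2": [], "family": None, "botnet": None, "auth_value": None}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    for i, ln in enumerate(lines):
        m_sock = SOCKET_RE.match(ln)
        m_bot = BOTNET_RE.match(ln)
        if URL_RE.match(ln):
            iocs["urls"].append(ln)
        elif m_sock:
            host, port = m_sock.groups()
            iocs["c2"].append((host, int(port)))
        elif ln.lower() == "redline":
            iocs["family"] = "redline"
        elif m_bot:
            # Assumption: the bracketed line between family and socket is the botnet tag.
            iocs["botnet"] = m_bot.group(1)
        elif ln == "auth_value" and i + 1 < len(lines):
            iocs["auth_value"] = lines[i + 1]
    return iocs


def network_indicators(iocs):
    """Flatten to sorted hosts to block and host:port sockets to alert on."""
    hosts = {urlparse(u).hostname for u in iocs["urls"]}
    hosts |= {h for h, _ in iocs["c2"]}
    sockets = {f"{h}:{p}" for h, p in iocs["c2"]}
    return sorted(hosts), sorted(sockets)


def is_pe_payload(data):
    """True if data is a PE image: 'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


# Constructed payloads: a genuine PNG signature vs. a minimal MZ/PE stub
# served under a .png name, as the URLs above suggest.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\0" * 64
PE_STUB = bytearray(b"MZ" + b"\0" * 0x3E)      # DOS header, 0x40 bytes
struct.pack_into("<I", PE_STUB, 0x3C, 0x40)     # e_lfanew -> NT headers at 0x40
PE_STUB += b"PE\0\0" + b"\0" * 20               # PE signature + padding
PE_STUB = bytes(PE_STUB)

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg)
    print(network_indicators(cfg))
    print("png is PE:", is_pe_payload(PNG_BYTES), "| stub is PE:", is_pe_payload(PE_STUB))
```

The PE check is the one worth keeping around: content served from a loader URL should be classified by its bytes, not by the `.png` extension or a `Content-Type` header, and the same two-offset test (`MZ` at 0, `PE\0\0` at `e_lfanew`) is what the sandbox's "Downloads MZ/PE file" signature is reporting.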
Targets
-
Target
139cc34636ab02bf773ab0145179cba6f33fda2252fc619d804591337837d1e7
-
Size
104KB
-
MD5
c3cffaf487d48cb29845ef2f916ecd69
-
SHA1
d34904c39de3dd0d26c55562d39c118880b693e2
-
SHA256
139cc34636ab02bf773ab0145179cba6f33fda2252fc619d804591337837d1e7
-
SHA512
2b71177952e5fcd508e9980388044ec3a5961aafc3dd8ead8dfc9085157005bb1d0a45805f55dd1c806956ad7bf9bd723bf114d443271defb915720aec3b1b9c
-
SSDEEP
3072:Tf5nj1wIvdSDMvNcNIObQsqrbsgntYQqh+E:TfZj3F1v4bObpntYQqh+
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
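The "Checks BIOS information in registry" signature above is worth seeing in code, both as the check a sample performs and as the check an analyst runs to see whether a sandbox leaks hypervisor strings. The following is an added example, not code from the report or from the sample: it reads the BIOS values under `HKLM\HARDWARE\DESCRIPTION\System\BIOS` when run on Windows (returning nothing elsewhere) and classifies any supplied values against common hypervisor markers. The two registry snapshots are constructed inputs, and the marker list is an assumption about which vendor strings a stealer would look for.

```python
"""
Added example, not from the sandbox report: the BIOS-in-registry sandbox
check, split into a pure classifier and a Windows-only registry reader.
"""

# Assumed hypervisor/sandbox vendor strings a sample would match on.
SANDBOX_MARKERS = (
    "vmware", "virtualbox", "vbox", "qemu", "bochs", "xen",
    "parallels", "kvm", "hyper-v", "virtual",
)

# Value names present under HKLM\HARDWARE\DESCRIPTION\System\BIOS.
BIOS_VALUES = (
    "SystemManufacturer", "SystemProductName", "BIOSVendor",
    "BIOSVersion", "BaseBoardManufacturer", "BaseBoardProduct",
)


def bios_sandbox_hits(values):
    """Return [(value_name, data, marker)] for BIOS strings that name a hypervisor.

    Each value contributes at most one hit (the first marker it contains).
    """
    hits = []
    for name, data in values.items():
        low = str(data).lower()
        for marker in SANDBOX_MARKERS:
            if marker in low:
                hits.append((name, data, marker))
                break
    return hits


def looks_sandboxed(values):
    """The decision a sample makes: any hit means 'do not detonate'."""
    return bool(bios_sandbox_hits(values))


def read_bios_from_registry():
    """Read the BIOS key the signature refers to; returns {} when not on Windows."""
    try:
        import winreg
    except ImportError:
        return {}
    out = {}
    path = r"HARDWARE\DESCRIPTION\System\BIOS"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        for name in BIOS_VALUES:
            try:
                out[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass  # value not present on this build
    return out


# Constructed registry snapshots: a default VMware guest and a physical laptop.
VM_GUEST = {
    "SystemManufacturer": "VMware, Inc.",
    "SystemProductName": "VMware Virtual Platform",
    "BIOSVendor": "Phoenix Technologies LTD",
    "BIOSVersion": "6.00",
}
PHYSICAL = {
    "SystemManufacturer": "LENOVO",
    "SystemProductName": "20T1S1XX00",
    "BIOSVendor": "LENOVO",
    "BIOSVersion": "N2XET34W (1.24 )",
}

if __name__ == "__main__":
    live = read_bios_from_registry()
    print("live registry values:", live or "(not on Windows)")
    print("live host looks sandboxed:", looks_sandboxed(live))
    print("VM_GUEST hits:", bios_sandbox_hits(VM_GUEST))
    print("PHYSICAL hits:", bios_sandbox_hits(PHYSICAL))
```

Running `read_bios_from_registry()` inside a detonation VM and feeding the result to `bios_sandbox_hits` shows exactly which values would make a sample like this one go quiet; those are the values to override in the guest's SMBIOS/DMI configuration before re-running the behavioral task.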