General
- Target: 71feef2d7c3a5b64d022f29b9e76799d.exe
- Size: 1.8MB
- Sample: 230616-n6v4hsef2t
- MD5: 71feef2d7c3a5b64d022f29b9e76799d
- SHA1: 4e166f8b0f35d3e654ab6a16793f17fc8f648b7c
- SHA256: b20a55927f7fa65653a758c3962622ffdb428ef6fe03f80493b4798fa12ba1db
- SHA512: 61562206896ce0824f8f70af2e2e9a4ef98d3053a11d2e74f21cf5b780e99bd025a9dd3cc87fb1e779dd09402892a264fefa69496e1c6447da938d9fcaf0395e
- SSDEEP: 49152:4HWOaUxJgoj1THQbUf3rVrCOFA70asTrm:8CYJgClHWUf3rFC30at
Static task: static1
Behavioral task: behavioral1
- Sample: 71feef2d7c3a5b64d022f29b9e76799d.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 71feef2d7c3a5b64d022f29b9e76799d.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet: top
- C2: 83.97.73.124:53
- auth_value: 053e5ccc53982413753b68419138b23a
Extracted: redline
- Botnet: Lyla1606
- C2: 94.130.176.65:13400
- auth_value: f39fff6907be2a845f1dd21f03a9f743
Targets
- Target: 71feef2d7c3a5b64d022f29b9e76799d.exe (1.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext