General
Target: f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46
Size: 1.1MB
Sample: 231121-mvl6ssdg99
MD5: b81255811776e073c6b7eb0f795fa374
SHA1: f41680b8064fa21d7532a7d8cae68588e0d9301f
SHA256: f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46
SHA512: ad2bd79bfc8f5776a43ff6228046a1420255ac823af765cdc890c0449a94483d6313a6150b2d87c5156201e2c09d75e7572fa8d0ec5ff8e870bf770060574121
SSDEEP: 24576:tyoLV7cwmlCvGodI2cV5hije3Hho7iFHCQ2MeF:IWV7IlCv5q5hWeXhx9u
Static task: static1
Behavioral task: behavioral1
Sample: f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: redline
Botnet: horda
C2: 194.49.94.152:19053
Extracted
Family: risepro
C2: 194.49.94.152
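Both extracted configs point at the same host, so the practical use of this block is as a network IOC set: the RedLine entry carries a port and is the tighter indicator, while the RisePro entry is address-only and matches any port. The following is an added example (not the sandbox's code and not part of the original report) that parses a constructed copy of the config block above into IOCs and matches them against constructed firewall-style log lines. The field names Family/Botnet/C2, the log format and the timestamps are assumptions; only the C2 values come from the report.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed copy of this report's "Malware Config" block. Assumption: the
# field names Family/Botnet/C2 follow the sandbox's usual layout; only the
# values come from the report.
REPORT_CONFIG = """
Extracted
Family: redline
Botnet: horda
C2: 194.49.94.152:19053
Extracted
Family: risepro
C2: 194.49.94.152
"""

# Constructed firewall-style log lines (not from the report). The last line
# uses 194.49.94.15 to show that a naive substring match would be wrong.
LOGS = [
    "2023-11-21T10:02:11Z allow 10.0.0.15:51234 -> 194.49.94.152:19053 tcp",
    "2023-11-21T10:02:13Z allow 10.0.0.15:51235 -> 194.49.94.152:443 tcp",
    "2023-11-21T10:03:01Z allow 10.0.0.22:49811 -> 93.184.216.34:443 tcp",
    "2023-11-21T10:04:40Z deny 10.0.0.15:51240 -> 194.49.94.15:19053 tcp",
]

LOG_RE = re.compile(r"^(\S+) (allow|deny) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


@dataclass(frozen=True)
class Ioc:
    family: str
    ip: str
    port: Optional[int]  # None when the config gives an address without a port


def parse_config(text: str) -> List[Ioc]:
    """Turn the extracted-config block into a list of network IOCs."""
    iocs: List[Ioc] = []
    family = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Extracted":
            family = None  # a new extracted block starts here
            continue
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "family":
            family = value
        elif key == "c2" and family:
            host, _, port = value.partition(":")
            ipaddress.ip_address(host)  # raises ValueError on a malformed address
            iocs.append(Ioc(family, host, int(port) if port else None))
    return iocs


def match_logs(iocs: List[Ioc], logs: List[str]) -> List[Tuple[int, str]]:
    """Return (log index, family) for every destination that matches an IOC.
    An IOC without a port matches any destination port on that address."""
    hits: List[Tuple[int, str]] = []
    for i, line in enumerate(logs):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        dst_ip, dst_port = m.group(5), int(m.group(6))
        for ioc in iocs:
            if dst_ip == ioc.ip and (ioc.port is None or dst_port == ioc.port):
                hits.append((i, ioc.family))
    return hits


if __name__ == "__main__":
    for idx, fam in match_logs(parse_config(REPORT_CONFIG), LOGS):
        print(f"{fam}: {LOGS[idx]}")
```

Note that the address-only RisePro entry also fires on the port-443 connection in the second line, where the RedLine entry does not; when hunting on this IP, treat the port-qualified hit as high confidence and the address-only hit as something to confirm against the process that made the connection.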
Targets
Target: f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46
Size: 1.1MB
MD5: b81255811776e073c6b7eb0f795fa374
SHA1: f41680b8064fa21d7532a7d8cae68588e0d9301f
SHA256: f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46
SHA512: ad2bd79bfc8f5776a43ff6228046a1420255ac823af765cdc890c0449a94483d6313a6150b2d87c5156201e2c09d75e7572fa8d0ec5ff8e870bf770060574121
SSDEEP: 24576:tyoLV7cwmlCvGodI2cV5hije3Hho7iFHCQ2MeF:IWV7IlCv5q5hWeXhx9u
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-hijacking injection, so the running payload may live in a process other than the dropped file)
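The three host-side signatures above (startup file drop, Run key, execution of a dropped executable) are the ones a detection engineer can reproduce from endpoint telemetry. The following is an added example, not the sandbox's own signature code, that applies the same logic to a constructed sequence of Sysmon-style events (ID 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet). The user name, dropped file name and registry value name are made up; only the sample file name comes from the report.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed Sysmon-style events (not from the report). Only the sample
# file name is real; paths, user name and the dropped file are assumptions.
SAMPLE = r"C:\Users\analyst\Desktop\f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46.exe"
DROPPED = r"C:\Users\analyst\AppData\Local\Temp\svchost_update.exe"
EVENTS = [
    {"id": 1,  "image": SAMPLE,  "parent": r"C:\Windows\explorer.exe"},
    {"id": 11, "image": SAMPLE,  "target": DROPPED},
    {"id": 11, "image": SAMPLE,  "target": r"C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"id": 13, "image": SAMPLE,  "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update", "details": DROPPED},
    {"id": 1,  "image": DROPPED, "parent": SAMPLE},
    {"id": 1,  "image": r"C:\Windows\System32\notepad.exe", "parent": r"C:\Windows\explorer.exe"},  # benign control
]

# Run and RunOnce under either HKCU or HKLM; the per-user Startup folder.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)


def triage(events: List[dict]) -> Dict[str, List[int]]:
    """Return {signature name: [event indices]} for the three persistence and
    execution signatures this report lists. Events are scanned in order, so
    'Executes dropped EXE' only fires for a file written by an earlier event."""
    hits: Dict[str, List[int]] = defaultdict(list)
    dropped = set()  # lower-cased paths written by FileCreate events so far
    for i, ev in enumerate(events):
        if ev["id"] == 11:
            dropped.add(ev["target"].lower())
            if STARTUP_DIR.search(ev["target"]):
                hits["Drops startup file"].append(i)
        elif ev["id"] == 13 and RUN_KEY.search(ev["target"]):
            hits["Adds Run key to start application"].append(i)
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for name, idxs in triage(EVENTS).items():
        print(f"{name}: events {idxs}")
```

The SetThreadContext signature is deliberately not in this block: Sysmon does not log that call, so it is observed through API hooking in a sandbox or an EDR, not through file and registry events.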