General
-
Target
time.exe
-
Size
11KB
-
Sample
240110-gy6rqabcd8
-
MD5
d2e9696ec235cec72512dec6e9ce5935
-
SHA1
dccd11c272d2fa2e700e7b8b51fa6a9a89f9f3ea
-
SHA256
0341c1348baae5bc2bb53f7c39724eaeaaa929e4d2c11474b267ed064e45f455
-
SHA512
573cdf5ac0ebacb05b5043c062d237c7ddf202816b04b3938ab3059f0bb5ef9979c17d04ff869cf86646a87b8df0e40f8d2f4955ba13165c8adbfc1d8b2f138a
-
SSDEEP
192:gzlJOMaLAN+QHzdV4z1ULU87glpK/b26J46667nh5:6lJOM3+qzqULU870gJEM
Static task
static1
Behavioral task
behavioral1
Sample
time.exe
Resource
win7-20231215-en
Malware Config
Extracted
redline
2024
195.20.16.103:20440
Extracted
stealc
http://185.172.128.79
-
url_path
/3886d2276f6914c4.php
Targets
-
-
Target
time.exe
-
Size
11KB
-
MD5
d2e9696ec235cec72512dec6e9ce5935
-
SHA1
dccd11c272d2fa2e700e7b8b51fa6a9a89f9f3ea
-
SHA256
0341c1348baae5bc2bb53f7c39724eaeaaa929e4d2c11474b267ed064e45f455
-
SHA512
573cdf5ac0ebacb05b5043c062d237c7ddf202816b04b3938ab3059f0bb5ef9979c17d04ff869cf86646a87b8df0e40f8d2f4955ba13165c8adbfc1d8b2f138a
-
SSDEEP
192:gzlJOMaLAN+QHzdV4z1ULU87glpK/b26J46667nh5:6lJOM3+qzqULU870gJEM
-
Detect ZGRat V1
-
Gh0st RAT payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Defense Evasion
Subvert Trust Controls
1Install Root Certificate
1Modify Registry
1Hide Artifacts
1Hidden Files and Directories
1