General
Target: file
Size: 311KB
Sample: 240222-2d8qssfh3z
MD5: c054341c513257d659120228b1e3d30e
SHA1: e1bf5a000b44f527907b247ce4961ab3273f8be0
SHA256: 58198729491613457ec265253ecfba24b60f5d7a5de3fcf221bf74c8b4415dbe
SHA512: 9956d146dbb739298972eb7b55d6757b234b19b99e5aab7fa9e3cd2c6a5fb4b64f983c5ffcbd56f6ffdc1463bca7d4fc1725f7b377e430ff0c862e8ec593a8d2
SSDEEP: 3072:Ai9gAkHnjP/Q6KSEy/rHuPaW+LN7DxRLlzglKDiAj:NgAkHnjP/QBSEYOPCN7jBDiAj
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: file.html, resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: file.html, resource: win10v2004-20240221-en)
Malware Config
Extracted: redline
@lipy4ka
45.15.156.167:80
Targets
- Detect ZGRat V1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)