General
-
Target
95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe
-
Size
10.4MB
-
Sample
240502-b63gdafg25
-
MD5
22cee31b95cb8b6a767419a460aaaeb0
-
SHA1
0c5c38bd43b0e2a739ec7a75f53d829b7f9f99fb
-
SHA256
95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235
-
SHA512
3caae26df9b971a72ad1f904aea02279e3550ec4e5f58ef3ec6dad6db3c35ce9cda6d28d06030aa8cd64fa84dd57a70df59db5884dc22e255cfd36f9a77f8f2e
-
SSDEEP
6144:5n/Nq7BfxS++CICXPcxK0sdyCJoe2WdD4tGPFO9XMH5KJaRHdZQD:5n/4Nfr5xjdyCCWJ4toQY7WD
Static task
static1
Behavioral task
behavioral1
Sample
95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
redline
@Felnan32007
45.15.156.167:80
Targets
-
Target
95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235.exe
-
Size
10.4MB
-
MD5
22cee31b95cb8b6a767419a460aaaeb0
-
SHA1
0c5c38bd43b0e2a739ec7a75f53d829b7f9f99fb
-
SHA256
95ac18eaf1a56e84bb1fdbe10c0f06fff91ce808d45a9359047bdb7267ec8235
-
SHA512
3caae26df9b971a72ad1f904aea02279e3550ec4e5f58ef3ec6dad6db3c35ce9cda6d28d06030aa8cd64fa84dd57a70df59db5884dc22e255cfd36f9a77f8f2e
-
SSDEEP
6144:5n/Nq7BfxS++CICXPcxK0sdyCJoe2WdD4tGPFO9XMH5KJaRHdZQD:5n/4Nfr5xjdyCCWJ4toQY7WD
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Detects executables (downloaders) containing URLs to raw contents of a paste
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)