Resubmissions

Date               Task ID             Score
15/06/2024, 11:23  240615-nhcx2aydmb   1
15/06/2024, 11:22  240615-ng1byaydke   1
15/06/2024, 11:16  240615-ndewtsscnq   10
14/06/2024, 17:58  240614-wkcn2svbrk   10
14/06/2024, 17:57  240614-wjtaeavbpj   1
14/06/2024, 17:56  240614-wh8npsvbnj   1
14/06/2024, 17:55  240614-whjdtavblj   1
14/06/2024, 16:38  240614-t5wxbaycqb   10
14/06/2024, 16:38  240614-t5hppaycpe   1
14/06/2024, 16:37  240614-t42feaycne   1

General
Target
http://p1t.fun/?l=1031

Sample
240614-t5wxbaycqb

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://p1t.fun/?l=1031
  Resource: win10-20240404-en
  22 signatures
  600 seconds
Malware Config
Extracted

Family: redline
Botnet: 1467997772
C2: https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/id/993846634744/

The extracted C2 field holds two URLs separated by "*": a Telegram invite link and a Steam Community profile. RedLine builds commonly use public profile pages like these as dead-drop resolvers, reading the real C2 host:port out of the page at runtime, so neither URL is the C2 server itself. Block or alert on both, and capture whatever address the sample resolves from them in the network trace.
Targets

Target
http://p1t.fun/?l=1031

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Downloads MZ/PE file
The URL target served a PE executable to the sandbox.

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun
Writes an InprocServer32 path under a CLSID key so the DLL is loaded whenever that COM class is instantiated; under HKCU this needs no admin rights.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
Typically process hollowing: a child is created suspended, the payload is written into it, and SetThreadContext redirects its entry point before the thread is resumed.
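Detection logic for four of the behavioural signatures above (Uninstall-key enumeration, COM InprocServer32 registration, the suspended-process/write/SetThreadContext/resume hollowing chain, and wallet file access), as an added example. This is not Triage's rule set; the event trace, its key=value export layout, and the process and file names in it are constructed assumptions.

```python
"""Toy detectors for four of the behavioural signatures in this report, run over a
constructed sandbox-style API trace. Added example: not Triage's rules, and the
event format (proc=... pid=... api=... key/path/flags/child_pid/target_pid) is an
assumption about an export layout, not the real one."""
import re

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit used in hollowing

# Constructed trace (not from the real task): a loader enumerating installed
# software, registering a COM in-process server under HKCU, hollowing a suspended
# RegAsm.exe child, and that child opening wallet files. Last line is benign noise.
SAMPLE_EVENTS = r"""
proc=l.exe pid=4012 api=RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
proc=l.exe pid=4012 api=RegEnumKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
proc=l.exe pid=4012 api=RegSetValueExW key=HKCU\Software\Classes\CLSID\{AAAA-BBBB}\InprocServer32 value=C:\Users\u\AppData\Roaming\upd.dll
proc=l.exe pid=4012 api=CreateProcessW path=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe flags=0x4 child_pid=5120
proc=l.exe pid=4012 api=NtWriteVirtualMemory target_pid=5120
proc=l.exe pid=4012 api=SetThreadContext target_pid=5120
proc=l.exe pid=4012 api=NtResumeThread target_pid=5120
proc=RegAsm.exe pid=5120 api=NtCreateFile path=C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco
proc=RegAsm.exe pid=5120 api=NtCreateFile path=C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet
proc=explorer.exe pid=1234 api=CreateProcessW path=C:\Windows\notepad.exe flags=0x0 child_pid=6000
"""

UNINSTALL_KEY = "\\currentversion\\uninstall"
COM_INPROC_RE = re.compile(r"\\software\\classes\\clsid\\\{[^}]+\}\\inprocserver32$", re.I)
WALLET_MARKERS = ("wallet.dat", "exodus.wallet", "\\electrum\\wallets", "\\ethereum\\keystore")
FILE_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileW"}


def parse_event(line):
    """One 'k=v k=v' line -> dict. Values contain no spaces in this toy format."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def detect_uninstall_enum(events):
    """'Checks installed software': registry reads of the Uninstall key (either hive)."""
    key_apis = {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"}
    pids = {e["pid"] for e in events
            if e.get("api") in key_apis and UNINSTALL_KEY in e.get("key", "").lower()}
    return sorted(pids)


def detect_com_autorun(events):
    """'Registers COM server for autorun': a value written to a CLSID key's
    InprocServer32 subkey. Under HKCU this needs no admin rights and hijacks the
    CLSID for that user only."""
    return [{"pid": e["pid"], "hive": e["key"].split("\\")[0], "dll": e.get("value", "")}
            for e in events
            if e.get("api") == "RegSetValueExW" and COM_INPROC_RE.search(e.get("key", ""))]


def detect_hollowing(events):
    """'Suspicious use of SetThreadContext': the classic hollowing chain, in order:
    CreateProcess(CREATE_SUSPENDED) -> write into child -> SetThreadContext -> resume."""
    stage = {}  # (parent_pid, child_pid) -> last stage reached (1..4)
    hits = []
    for e in events:
        api, pid = e.get("api"), e.get("pid")
        if api == "CreateProcessW" and int(e.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stage[(pid, e["child_pid"])] = 1
            continue
        k = (pid, e.get("target_pid"))
        if k not in stage:
            continue
        if api in ("NtWriteVirtualMemory", "WriteProcessMemory") and stage[k] == 1:
            stage[k] = 2
        elif api == "SetThreadContext" and stage[k] == 2:
            stage[k] = 3
        elif api in ("NtResumeThread", "ResumeThread") and stage[k] == 3:
            stage[k] = 4
            hits.append({"parent_pid": pid, "child_pid": k[1]})
    return hits


def detect_wallet_access(events):
    """'Accesses cryptocurrency files/wallets': file opens on known wallet paths."""
    return [e["path"] for e in events
            if e.get("api") in FILE_APIS
            and any(m in e.get("path", "").lower() for m in WALLET_MARKERS)]


SIGNATURES = {
    "Checks installed software on the system": detect_uninstall_enum,
    "Registers COM server for autorun": detect_com_autorun,
    "Suspicious use of SetThreadContext": detect_hollowing,
    "Accesses cryptocurrency files/wallets": detect_wallet_access,
}


def run(trace):
    """Parse a trace and return {signature name: evidence list}; empty list = no hit."""
    events = [parse_event(l) for l in trace.splitlines() if l.strip()]
    return {name: fn(events) for name, fn in SIGNATURES.items()}


if __name__ == "__main__":
    for name, evidence in run(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The hollowing detector keys on the ordered chain rather than on SetThreadContext alone, which is why the name of that signature carries "suspicious": SetThreadContext has legitimate uses (debuggers, some runtimes), but a parent that creates a child suspended, writes into it, sets its context and only then resumes it is almost always injecting. On a real trace the wallet marker list and the file/registry API names would need to match the sandbox's own naming.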