General
-
Target
RedLine Stealer.zip
-
Size
17.2MB
-
Sample
241212-ad565atjfs
-
MD5
d3d1d5504a838b38d27bfdc29a9bf0ea
-
SHA1
f6c351251c4b5fa64b852dc2ae6f85cf870a1508
-
SHA256
4f90b7c87ae9a261936b72f8062c7ffff38f5921dc58794a23084aa0ad95969d
-
SHA512
7f7dd2471f6aec68b1a2d59b1ccac1cef1142ee9fd734db6b320013dddac3c8e828ec0339765aa4df864e275415862df877971dbec803a3d6b350f034982c781
-
SSDEEP
393216:y6AL1DWiFjy2F43KVjCybo8x8CLO0kjl2sDYSUs9Tx:y5L1rFjEKl1oNrJZYyl
Static task
static1
Malware Config
Extracted
xworm
5.0
svchost.serveirc.com:1313
MML7YiawHlQLefrX
-
Install_directory
%AppData%
-
install_file
svchost.exe
-
telegram
https://api.telegram.org/bot7089308942:AAHsTcsMKoz1p6-9kX7OD8cZDlRLQM_DN-A/sendMessage?chat_id=5936200928
Targets
-
-
Target
RedLine Stealer.zip
-
Size
17.2MB
-
MD5
d3d1d5504a838b38d27bfdc29a9bf0ea
-
SHA1
f6c351251c4b5fa64b852dc2ae6f85cf870a1508
-
SHA256
4f90b7c87ae9a261936b72f8062c7ffff38f5921dc58794a23084aa0ad95969d
-
SHA512
7f7dd2471f6aec68b1a2d59b1ccac1cef1142ee9fd734db6b320013dddac3c8e828ec0339765aa4df864e275415862df877971dbec803a3d6b350f034982c781
-
SSDEEP
393216:y6AL1DWiFjy2F43KVjCybo8x8CLO0kjl2sDYSUs9Tx:y5L1rFjEKl1oNrJZYyl
-
Detect Xworm Payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Xworm family
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-