General
-
Target
a2fc5bd9e6367919ef896665d6ecefba89f41e7e.exe
-
Size
2.8MB
-
Sample
241225-dzwflawqbm
-
MD5
952415cd3af41728ca26f5c45cf3c867
-
SHA1
a2fc5bd9e6367919ef896665d6ecefba89f41e7e
-
SHA256
04cde81ac938706771fa9fe936ee8f79fe7e0799730985190d045ecccbd72235
-
SHA512
b2f73f68ef85fbf54f6228092f1506c6321a8a8cc4c1b9ece1f482958c97ea88e41863313fecd66a52ddc1ae1ad30f9b1bbc98de728fbdb7ee924287e7e07d0c
-
SSDEEP
49152:tOD0G+o20Jl6qY0+tiAJ5/SAt8ZSeWuFJp5FYv6LWhxeK/YgM7UmjD:tOD0GvtnY0+tTzaAtbeWgneyLQx/yN
Static task
static1
Behavioral task
behavioral1
Sample
a2fc5bd9e6367919ef896665d6ecefba89f41e7e.exe
Resource
win10ltsc2021-20241211-en
Behavioral task
behavioral2
Sample
a2fc5bd9e6367919ef896665d6ecefba89f41e7e.exe
Resource
win11-20241007-en
Malware Config
Extracted
redline
719770735
45.133.36.107:1912
Targets
-
-
Target
a2fc5bd9e6367919ef896665d6ecefba89f41e7e.exe
-
Size
2.8MB
-
MD5
952415cd3af41728ca26f5c45cf3c867
-
SHA1
a2fc5bd9e6367919ef896665d6ecefba89f41e7e
-
SHA256
04cde81ac938706771fa9fe936ee8f79fe7e0799730985190d045ecccbd72235
-
SHA512
b2f73f68ef85fbf54f6228092f1506c6321a8a8cc4c1b9ece1f482958c97ea88e41863313fecd66a52ddc1ae1ad30f9b1bbc98de728fbdb7ee924287e7e07d0c
-
SSDEEP
49152:tOD0G+o20Jl6qY0+tiAJ5/SAt8ZSeWuFJp5FYv6LWhxeK/YgM7UmjD:tOD0GvtnY0+tTzaAtbeWgneyLQx/yN
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Xmrig family
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-