General
-
Target
a2059ca7715450dc171f7608325744da.exe
-
Size
45.0MB
-
Sample
240703-fs5f2ayere
-
MD5
a2059ca7715450dc171f7608325744da
-
SHA1
59f73376071e1e81471e8452db1c188340885a2f
-
SHA256
72ef598f8e69e142e21fef23cff48d2e9e49dcd142c12189656eab3269b454eb
-
SHA512
8c2ab1eb0e74a35883f35031c80c98ac63301b21350978d3d322aaf1fc9f02fa7f96cf1f824818f04a821c7f50029a8b9d7b423cf488fd9121dfa00cc0f2562b
-
SSDEEP
786432:m5/faR80BcXAYOuzNYe6NAApOAsExCWUs38wJ/YSGlWfzewb7wrSvMEBE25t:wfiBOAY3j6NB1h/3JJ/YSdfA+vMEBE2r
Static task
static1
Behavioral task
behavioral1
Sample
a2059ca7715450dc171f7608325744da.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a2059ca7715450dc171f7608325744da.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
redline
1
147.45.78.229:43674
Targets
-
-
Target
a2059ca7715450dc171f7608325744da.exe
-
Size
45.0MB
-
MD5
a2059ca7715450dc171f7608325744da
-
SHA1
59f73376071e1e81471e8452db1c188340885a2f
-
SHA256
72ef598f8e69e142e21fef23cff48d2e9e49dcd142c12189656eab3269b454eb
-
SHA512
8c2ab1eb0e74a35883f35031c80c98ac63301b21350978d3d322aaf1fc9f02fa7f96cf1f824818f04a821c7f50029a8b9d7b423cf488fd9121dfa00cc0f2562b
-
SSDEEP
786432:m5/faR80BcXAYOuzNYe6NAApOAsExCWUs38wJ/YSGlWfzewb7wrSvMEBE25t:wfiBOAY3j6NB1h/3JJ/YSdfA+vMEBE2r
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
XMRig Miner payload
-
Possible privilege escalation attempt
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-