General
Target: idjvgwd.bin.zip
Size: 172KB
Sample: 210224-3mvdd59de6
MD5: 097915463dcf192fdbca34df7a5441d5
SHA1: 9222ed80cc82240b45616f259408e671d7fd9398
SHA256: 069b72f63213700ec54cced47b46ae6db1634f807ef2caeb1b2d7b2932708857
SHA512: f4e8f5ad108018aca6cdeed729e87de742e8acc9d681be1821b46781eef7a429c85829ceff09786493cd5611ca4b9cd52caa7cc2b76f63ca5f520e79aa384db3
Static task: static1
Behavioral task: behavioral1 (Sample: idjvgwd.bin.exe, Resource: win10v20201028)
Behavioral task: behavioral2 (Sample: idjvgwd.bin.exe, Resource: win10v20201028)
Behavioral task: behavioral3 (Sample: idjvgwd.bin.exe, Resource: win10v20201028)
Behavioral task: behavioral4 (Sample: idjvgwd.bin.exe, Resource: win10v20201028)
Behavioral task: behavioral5 (Sample: idjvgwd.bin.exe, Resource: win7v20201028)
Malware Config
Extracted: smokeloader
2019
http://10022020newfolder1002002131-service1002.space/
http://10022020newfolder1002002231-service1002.space/
http://10022020newfolder3100231-service1002.space/
http://10022020newfolder1002002431-service1002.space/
http://10022020newfolder1002002531-service1002.space/
http://10022020newfolder33417-01242510022020.space/
http://10022020test125831-service1002012510022020.space/
http://10022020test136831-service1002012510022020.space/
http://10022020test147831-service1002012510022020.space/
http://10022020test146831-service1002012510022020.space/
http://10022020test134831-service1002012510022020.space/
http://10022020est213531-service100201242510022020.ru/
http://10022020yes1t3481-service1002012510022020.ru/
http://10022020test13561-service1002012510022020.su/
http://10022020test14781-service1002012510022020.info/
http://10022020test13461-service1002012510022020.net/
http://10022020test15671-service1002012510022020.tech/
http://10022020test12671-service1002012510022020.online/
http://10022020utest1341-service1002012510022020.ru/
http://10022020uest71-service100201dom2510022020.ru/
http://10022020test61-service1002012510022020.website/
http://10022020test51-service1002012510022020.xyz/
http://10022020test41-service100201pro2510022020.ru/
http://10022020yest31-service100201rus2510022020.ru/
http://10022020rest21-service1002012510022020.eu/
http://10022020test11-service1002012510022020.press/
http://10022020newfolder4561-service1002012510022020.ru/
http://10022020rustest213-service1002012510022020.ru/
http://10022020test281-service1002012510022020.ru/
http://10022020test261-service1002012510022020.space/
http://10022020yomtest251-service1002012510022020.ru/
http://10022020yirtest231-service1002012510022020.ru/
Extracted: raccoon
9ba64f4b6fe448911470a88f09d6e7d5b92ff0ab
url4cnc: https://telete.in/jagressor_kz
Targets
Target: idjvgwd.bin
Size: 1.2MB
MD5: ea0e8e6b849a09e27aed632bda488d8c
SHA1: de4a5e2aa40a3593090247d14cd5d01f1ae30450
SHA256: b10cba4d61edc00dbf593421ccf9b3eafd5e4a50d8049f6a36030a398da01e15
SHA512: acbbe334f8e0d9e2a7054582699d8aa40d61f877d49b3b37875182970e641b4287f020dafb2f8f46576fec6616800be3e7706bbccb4d43b3b74f468530ae49bd
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext