General
- Target: FD803562B06F6E1AE9E226D4753B4EB4.exe
- Size: 4.5MB
- Sample: 210702-mvkn2vjm96
- MD5: fd803562b06f6e1ae9e226d4753b4eb4
- SHA1: 4b9dbabf17cbd95c88554603ac42a5b5f698e4ce
- SHA256: 02f584407c459a4c6145d5b16be33264e7d7ec646285c14062e1f2318e0cd318
- SHA512: 7cc43afcb54b4ddbfe97690f187ae5ab5f8c10fb5888d03b812a4ceb538e72db9b6fc453ea495646f8e49903f596b2fe2c60b8954877bd2957060129f52798fe
Static task: static1
Behavioral task: behavioral1
- Sample: FD803562B06F6E1AE9E226D4753B4EB4.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: FD803562B06F6E1AE9E226D4753B4EB4.exe
- Resource: win10v20210410
Malware Config
Extracted: redline
- DomAni
- ergerr3.top:80
Extracted: vidar
- 39.4
- 706
- https://sergeevih43.tumblr.com
- profile_id: 706
Extracted: smokeloader
- 2020
Targets
- Target: FD803562B06F6E1AE9E226D4753B4EB4.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar Stealer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext