General
Target: x86_x64_setup SAMPLE.zip
Size: 3.7MB
Sample: 210704-ne1xw64qae
MD5: 6843313bfe81702cea12eebc67ca0e1f
SHA1: be6e31936f578e147fe13f74c27ad4563a7ff899
SHA256: d7a032dc8f21dde9e4707cc74c4bf6b194ad44c8203d73e36671cd9e74397a34
SHA512: 1d439208de8111dbba4873d144964da34a1bd78552ded51d903915a8cf5ee282557a8789c4b9332863c4694e7d1e6761dbe2c0dc50df0f047613e6f9aecaee60
Static task: static1
Malware Config
Extracted
vidar
39.4
933
https://sergeevih43.tumblr.com
profile_id: 933
Extracted
redline
Cana
176.111.174.254:56328
Extracted
smokeloader
2020
http://conceitosseg.com/upload/
http://integrasidata.com/upload/
http://ozentekstil.com/upload/
http://finbelportal.com/upload/
http://telanganadigital.com/upload/
Targets
Target: x86_x64_setup.exe
Size: 3.7MB
MD5: 6611fc032e738e6510e8739a4b6dd41d
SHA1: e51aa30c9670067556da16ae08ba3b6bbcee5c35
SHA256: fc6e67ad77ea40e959531734eee1258b1d3c475b96692ea28a8372f45c3b62ca
SHA512: 63ed2fdcdac5de13bb3607f8c15b0344cbbe22f04886d269386d3f008bdb262d5e358cbbdb94d77929e7b8881a1a4fdbf1c0b293422409c402d71b9d7614ee57
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.