General
Target: C67FDDCBCFDA1B6799B8A763C13B531A.exe
Size: 3.7MB
Sample: 210705-vnnfk525m2
MD5: c67fddcbcfda1b6799b8a763c13b531a
SHA1: 166359124345a00d6f14c0057ff9801f3cd76e7a
SHA256: fe8417ad3e0bad396fd009f20ad6cb106605098ec72fb933bb6f8e16cb6d437d
SHA512: e742f033a8a8f9ea072ae7053010aa2229c2e250045389eb9d995d94db9acb9a2ea1abaa2479918d14dd7a2a8e3255b64acc3818844b78227033b260d1c14431
Static task: static1
Behavioral task: behavioral1
Sample: C67FDDCBCFDA1B6799B8A763C13B531A.exe
Resource: win7v20210410
Malware Config
Extracted: vidar
39.4
890
https://sergeevih43.tumblr.com
profile_id: 890
Extracted: smokeloader
2020
http://conceitosseg.com/upload/
http://integrasidata.com/upload/
http://ozentekstil.com/upload/
http://finbelportal.com/upload/
http://telanganadigital.com/upload/
Targets
Target: C67FDDCBCFDA1B6799B8A763C13B531A.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Socelars Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- autoit_exe
  AutoIT scripts compiled to PE executables.