General
Target
main_setup_x86x64 SAMPLE.zip
Size
5.7MB
Sample
210706-lrnm38aaye
MD5
7e7e4c62d44e8f8280474a1b852eef49
SHA1
a9781422b5ff52ed54907821d506a70e650b1f72
SHA256
d81801103db8099772e85deae68b43aaa7e894366ab55b819dc1f89d54e9823d
SHA512
326d12f48aefbcff3e2ae2fbb3b6591e932e4650e8d20a0fe62dea49c1b5c529387b70b858e5c44d70ce96f28d52d07eea0f47a4d464a5b5b5845c95c3060443
Static task
static1
Malware Config
Extracted
vidar
39.4
933
https://sergeevih43.tumblr.com
profile_id
933
Extracted
smokeloader
2020
http://conceitosseg.com/upload/
http://integrasidata.com/upload/
http://ozentekstil.com/upload/
http://finbelportal.com/upload/
http://telanganadigital.com/upload/
Extracted
redline
Ani
detuyaluro.xyz:80
Targets
Target
main_setup_x86x64.exe
Size
5.7MB
MD5
d241c70e1db8676e48c9c02937b2a589
SHA1
45f2b455c72040798fd92801e28dd5c154be8e8b
SHA256
36a7bd10bbfbb3998773c4822e1813b4f4bfb33e65a008241c35116e19dae52c
SHA512
5b376da38f0361a672ac3ac4c1fe0ec66ed3642fb591ade7fe4f400f7ad3c1affe440a4b243d036e4e58ed131df43376ff5e2b6c1b733a43cf4e68dd752f7072
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.