General
Target: Downloads.exe
Size: 6.0MB
Sample: 210708-1mfyp82zq2
MD5: f65a912c6e061ee26b3d306555a36d4a
SHA1: 7a31c42bb820ab1078f4f5dd474b6d9647bf32df
SHA256: 0586a3fd9abd4bb02969dfd99aec20411ff82c45f4054636f8ace5289abb9366
SHA512: 089f8fff8e7294d5c4ca86e3f8647706b0766dd9bd0298dccebbf94bfb6ad6435c93f7434677f4b1e0f9d7a3314f3d6a8d7b2b581596503a292981d6bf065fb4
Static task: static1
Behavioral task: behavioral1
Sample: Downloads.exe
Resource: win7v20210408
Malware Config
Extracted: redline
ServAni
87.251.71.195:82
Extracted: vidar
39.4
706
https://sergeevih43.tumblr.com
profile_id: 706
Extracted: smokeloader
2020
Targets
Target: Downloads.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext