General
-
Target
56FBB5D915FF47C20902B8927BA569A3.exe
-
Size
3.8MB
-
Sample
210723-7xbllrc9vn
-
MD5
56fbb5d915ff47c20902b8927ba569a3
-
SHA1
23aae060b278385144806e0c371af6c69b8e0158
-
SHA256
08c672cbfc638f1cde4a502afb6b0b907b0a665a6b487a9552cbf48abcb516a1
-
SHA512
8067445522ceff25c27caa0683019a0738658509c72f2600c56efe31fd57a0478b23489321132dba66c6826790b94a5cbe676181899a8211ea2aa31988eeaeb2
Static task
static1
Behavioral task
behavioral1
Sample
56FBB5D915FF47C20902B8927BA569A3.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
56FBB5D915FF47C20902B8927BA569A3.exe
Resource
win10v20210410
Malware Config
Extracted
vidar
39.7
933
https://shpak125.tumblr.com/
-
profile_id
933
Extracted
redline
Build2
45.142.213.135:30059
Extracted
redline
Ani
yoshelona.xyz:80
Extracted
smokeloader
2020
http://conceitosseg.com/upload/
http://integrasidata.com/upload/
http://ozentekstil.com/upload/
http://finbelportal.com/upload/
http://telanganadigital.com/upload/
Targets
-
-
Target
56FBB5D915FF47C20902B8927BA569A3.exe
-
Size
3.8MB
-
MD5
56fbb5d915ff47c20902b8927ba569a3
-
SHA1
23aae060b278385144806e0c371af6c69b8e0158
-
SHA256
08c672cbfc638f1cde4a502afb6b0b907b0a665a6b487a9552cbf48abcb516a1
-
SHA512
8067445522ceff25c27caa0683019a0738658509c72f2600c56efe31fd57a0478b23489321132dba66c6826790b94a5cbe676181899a8211ea2aa31988eeaeb2
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Socelars Payload
-
suricata: ET MALWARE GCleaner Downloader Activity M1
-
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
-
Vidar Stealer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-