General
- Target: b5c199b3fb16810ba6fa5a3f768bc445610a38a46d1f3ee1b334007e33ab6753
- Size: 271KB
- Sample: 210922-cylz4adfcr
- MD5: b1ddd2784abe06ff0bbcf22d723dab13
- SHA1: 352aeaa461d035c7419606c4697d05a954180595
- SHA256: b5c199b3fb16810ba6fa5a3f768bc445610a38a46d1f3ee1b334007e33ab6753
- SHA512: 6f95de1fdd5860da2d47e89eb44acf33122361b00cc442cbce3cc6ffde4e53e3db7dfc189ef562d81673872b26231bf5e5a4a6a4033690f06de914cea2eea618
Static task: static1
Malware Config
Extracted: smokeloader
- 2020
- http://varmisende.com/upload/
- http://fernandomayol.com/upload/
- http://nextlytm.com/upload/
- http://people4jan.com/upload/
- http://asfaltwerk.com/upload/
Extracted: redline
- paladin
- 188.124.36.242:25802
Extracted: vidar
- 40.9
- 828
- https://stacenko668.tumblr.com/
- profile_id: 828
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.