General
Target: a871d6371c9371bfd2b7bd0b3176db98.exe
Size: 5.2MB
Sample: 211001-tdxpjacah3
MD5: a871d6371c9371bfd2b7bd0b3176db98
SHA1: 79963cd76d972288c6647f6fef75fa325253cc7f
SHA256: 3eaed1d4442ddd5cb4691a9cfd5aef6f374be2a3489b934d9043bb6e980a4841
SHA512: 9bcde0a5834170d2e0b5b5c6a48ea9964d66f84b6be63b992b7a95cb5e3118d48bf52bdbc3aa5107c9d0049f7d81f09db29b8343d99720b1bee5ae81988e4641
Static task: static1
Behavioral task: behavioral1
Sample: a871d6371c9371bfd2b7bd0b3176db98.exe
Resource: win7-en-20210920
Malware Config
Extracted: redline
Botnet: jamesoldd
C2: 65.108.20.195:6774
Extracted: redline
Botnet: media26
C2: 91.121.67.60:62102
Extracted: vidar
Version: 41.1
Botnet: 706
C2: https://mas.to/@bardak1ho
profile_id: 706
Extracted: smokeloader
Version: 2020
C2: http://govsurplusstore.com/upload/
C2: http://best-forsale.com/upload/
C2: http://chmxnautoparts.com/upload/
C2: http://kwazone.com/upload/
Extracted: vidar
Version: 41.1
Botnet: 933
C2: https://mas.to/@bardak1ho
profile_id: 933
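The extracted configs above are the actionable part of this report. The script below is an added example, not part of the sandbox report: it transcribes the five config blocks and the sample hashes as inline data, validates each C2 entry (IPv4:port for RedLine, URLs for Vidar and SmokeLoader), expands URLs into a separate domain indicator, and deduplicates across blocks so the Mastodon profile URL shared by both Vidar profile ids is emitted once. The record layout, function names and the `matches_sample` helper are this example's own choices, not anything the report defines.

```python
"""Normalize the extracted malware configs from this report into IOC records.

Added example, not part of the sandbox report. The config and hash data
below are transcribed from the report; record format and helper names
are this example's own choices.
"""
import hashlib
import ipaddress
from urllib.parse import urlparse

# Transcribed from the "Malware Config" section of the report.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "jamesoldd", "c2": ["65.108.20.195:6774"]},
    {"family": "redline", "botnet": "media26", "c2": ["91.121.67.60:62102"]},
    {"family": "vidar", "version": "41.1", "profile_id": "706",
     "c2": ["https://mas.to/@bardak1ho"]},
    {"family": "smokeloader", "version": "2020",
     "c2": ["http://govsurplusstore.com/upload/",
            "http://best-forsale.com/upload/",
            "http://chmxnautoparts.com/upload/",
            "http://kwazone.com/upload/"]},
    {"family": "vidar", "version": "41.1", "profile_id": "933",
     "c2": ["https://mas.to/@bardak1ho"]},
]

# Digests of the analysed sample, transcribed from the "General" section.
SAMPLE_HASHES = {
    "md5": "a871d6371c9371bfd2b7bd0b3176db98",
    "sha1": "79963cd76d972288c6647f6fef75fa325253cc7f",
    "sha256": "3eaed1d4442ddd5cb4691a9cfd5aef6f374be2a3489b934d9043bb6e980a4841",
    "sha512": "9bcde0a5834170d2e0b5b5c6a48ea9964d66f84b6be63b992b7a95cb5e3118d48"
              "bf52bdbc3aa5107c9d0049f7d81f09db29b8343d99720b1bee5ae81988e4641",
}


def classify_c2(value):
    """Return (ioc_type, value) for one C2 entry, rejecting malformed input.

    Anything with a scheme is a 'url'; otherwise the entry must be a literal
    IPv4 address followed by a port in 1..65535 and becomes 'ipv4-port'.
    """
    if "://" in value:
        if not urlparse(value).hostname:
            raise ValueError(f"URL without host: {value!r}")
        return "url", value
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"expected ipv4:port, got {value!r}")
    ipaddress.IPv4Address(host)  # raises ValueError if not an IPv4 literal
    return "ipv4-port", f"{host}:{port}"


def normalize(configs):
    """Flatten configs into deduplicated (family, ioc_type, value) tuples.

    Each URL also yields a 'domain' record and each ipv4:port an 'ipv4'
    record, so the output can feed both DNS/proxy and firewall blocklists.
    First-seen order is preserved; duplicates across blocks are dropped.
    """
    seen = set()
    records = []
    for cfg in configs:
        for c2 in cfg["c2"]:
            ioc_type, value = classify_c2(c2)
            candidates = [(cfg["family"], ioc_type, value)]
            if ioc_type == "url":
                candidates.append((cfg["family"], "domain", urlparse(value).hostname))
            else:
                candidates.append((cfg["family"], "ipv4", value.split(":")[0]))
            for rec in candidates:
                if rec not in seen:
                    seen.add(rec)
                    records.append(rec)
    return records


def compute_hashes(data):
    """Compute the same four digests the report lists, for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data):
    """True only if every listed digest matches; one mismatch means a different file."""
    return compute_hashes(data) == SAMPLE_HASHES


if __name__ == "__main__":
    for rec in normalize(EXTRACTED_CONFIGS):
        print("\t".join(rec))
```

Run stand-alone it prints 14 tab-separated records; `matches_sample(open(path, "rb").read())` is the check to run before treating a locally obtained file as this sample, since MD5 alone is collision-prone and the report supplies SHA-256 and SHA-512 for exactly that reason.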
Targets
Target: a871d6371c9371bfd2b7bd0b3176db98.exe
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Socelars Payload
Vidar Stealer
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.