General
-
Target
7744729A25A46BA8F1C3B1CE451DCE0E.exe
-
Size
4.2MB
-
Sample
211005-2999haadc9
-
MD5
7744729a25a46ba8f1c3b1ce451dce0e
-
SHA1
c2d23d94760223306cd040c0a0ec0440e0fe839f
-
SHA256
3d956bd7b7e1c1e253b997de0d325abeba7be7d75626d751fad5a28ec3c464a5
-
SHA512
474d33a00de183005965f4b3f6391df71ee82889a370ee2f1b039fe7390e28d568b40990968ddabdd8ab34d8e76b44b143b355edfdb4700906d73948d49931b8
Static task
static1
Malware Config
Extracted
Family: redline
Botnet: jamesoldd
C2: 65.108.20.195:6774
Extracted
Family: smokeloader
Version: 2020
C2:
http://gmpeople.com/upload/
http://mile48.com/upload/
http://lecanardstsornin.com/upload/
http://m3600.com/upload/
http://camasirx.com/upload/
Extracted
Family: redline
Botnet: ANI
C2: 45.142.215.47:27643
Extracted
Family: vidar
Version: 41.1
Botnet: 933
C2: https://mas.to/@bardak1ho
Attributes
profile_id: 933
Targets
-
Target
7744729A25A46BA8F1C3B1CE451DCE0E.exe
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Socelars Payload
-
Vidar Stealer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Modifies file permissions
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
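The extracted configs above give four C2 endpoints across three families, and the signature list flags an external-IP lookup and abuse of a legitimate host (the Vidar C2 is a Mastodon profile on mas.to, so blocking the host wholesale would also block a legitimate service). The script below is an added example, not part of the sandbox report: it turns the report's C2 list into an IOC index (host, port and, for URL-based C2s, the path), matches it against proxy-log lines constructed here for illustration, and checks a file's hashes against the four digests in the report. The log format and the list of IP-lookup hosts are assumptions; the report does not say which lookup service the sample used.

```python
"""Added example: IOC matching and hash verification for the report above.

The C2 endpoints and hashes are copied from the report; the proxy-log
lines and the log format are constructed for this example."""
import hashlib
from urllib.parse import urlsplit

# Copied from the report's Malware Config section.
EXTRACTED_CONFIG = {
    "redline": ["65.108.20.195:6774", "45.142.215.47:27643"],
    "smokeloader": [
        "http://gmpeople.com/upload/",
        "http://mile48.com/upload/",
        "http://lecanardstsornin.com/upload/",
        "http://m3600.com/upload/",
        "http://camasirx.com/upload/",
    ],
    "vidar": ["https://mas.to/@bardak1ho"],
}

# Copied from the report's General section.
REPORT_HASHES = {
    "md5": "7744729a25a46ba8f1c3b1ce451dce0e",
    "sha1": "c2d23d94760223306cd040c0a0ec0440e0fe839f",
    "sha256": "3d956bd7b7e1c1e253b997de0d325abeba7be7d75626d751fad5a28ec3c464a5",
    "sha512": "474d33a00de183005965f4b3f6391df71ee82889a370ee2f1b039fe7390e28d5"
              "68b40990968ddabdd8ab34d8e76b44b143b355edfdb4700906d73948d49931b8",
}

# Assumed list of public IP-lookup services (not from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me"}


def normalise(endpoint):
    """Return (host, port, path_prefix) for a 'host:port' string or a URL.

    Raw host:port C2s get an empty path prefix (any path matches); URL C2s
    keep their path so a legitimate host such as mas.to is only flagged for
    the specific profile the malware uses."""
    if "://" in endpoint:
        u = urlsplit(endpoint)
        port = u.port or (443 if u.scheme == "https" else 80)
        return u.hostname.lower(), port, u.path
    host, _, port = endpoint.rpartition(":")
    return host.lower(), int(port), ""


def build_ioc_index(config):
    """Map host -> set of (family, port, path_prefix) so a hit names the family."""
    index = {}
    for family, endpoints in config.items():
        for ep in endpoints:
            host, port, path = normalise(ep)
            index.setdefault(host, set()).add((family, port, path))
    return index


def classify(line, index):
    """Classify one constructed proxy-log line.

    Assumed log format: '<ts> <src_ip> <dst_host> <dst_port> <method> <path>'.
    Returns the matching malware family, 'external-ip-lookup', or None."""
    parts = line.split(maxsplit=5)
    if len(parts) < 4:
        return None
    host, port = parts[2].lower(), int(parts[3])
    path = parts[5] if len(parts) == 6 else ""
    for family, ioc_port, ioc_path in index.get(host, ()):
        if port == ioc_port and path.startswith(ioc_path):
            return family
    if host in IP_LOOKUP_HOSTS:
        return "external-ip-lookup"
    return None


def scan(lines, index):
    """Return [(timestamp, verdict)] for every line that matched."""
    hits = []
    for line in lines:
        verdict = classify(line, index)
        if verdict:
            hits.append((line.split()[0], verdict))
    return hits


def compute_hashes(data):
    """Digest a sample's bytes with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(hashes):
    """True only if all four digests equal the ones in the report."""
    return all(hashes.get(k) == v for k, v in REPORT_HASHES.items())


# Constructed proxy-log lines; only the first four should match.
SAMPLE_LOG = [
    "2021-10-05T21:05:11Z 10.0.0.5 65.108.20.195 6774 - -",
    "2021-10-05T21:05:13Z 10.0.0.5 gmpeople.com 80 GET /upload/",
    "2021-10-05T21:05:14Z 10.0.0.5 api.ipify.org 443 GET /",
    "2021-10-05T21:05:15Z 10.0.0.5 mas.to 443 GET /@bardak1ho",
    "2021-10-05T21:05:16Z 10.0.0.5 mas.to 443 GET /@someone_else",
    "2021-10-05T21:05:17Z 10.0.0.5 update.microsoft.com 443 GET /",
]

INDEX = build_ioc_index(EXTRACTED_CONFIG)

if __name__ == "__main__":
    for ts, verdict in scan(SAMPLE_LOG, INDEX):
        print(ts, verdict)
```

To verify a local copy of the sample, read it in binary and pass the bytes to `compute_hashes`; `matches_report` returns False on any single mismatch, which is what you want when deciding whether a file on an endpoint is the same object the sandbox analysed.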