General
- Target: setup_x86_x64_install.sfx.exe
- Size: 6.2MB
- Sample: 211007-w4wk9scge4
- MD5: b38caeb31ea9487d124a12ad9c3207b5
- SHA1: df15ff8e1ede69f46b5bd319f841b9ec4ab1df2a
- SHA256: e85bc001411defaad51fd4d9ce8fbb1c13fe77e974da5c5fc4d239e9509a2209
- SHA512: 345785112a003aa76fce4729dde6d3a19e733229577ab97b61badf1a3602e9be3165b00b4ff045ddbe2e5021f1139dbb82769288b5c42966c2fbc4998ff1581a
Static task: static1
Malware Config
- Extracted: vidar, 41.2, 916, https://mas.to/@serg4325 (profile_id 916)
- Extracted: redline, media214, 91.121.67.60:2151
- Extracted: smokeloader, 2020, http://gmpeople.com/upload/, http://mile48.com/upload/, http://lecanardstsornin.com/upload/, http://m3600.com/upload/, http://camasirx.com/upload/
- Extracted: vidar, 41.2, 937, https://mas.to/@serg4325 (profile_id 937)
Targets
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Socelars Payload
- Arkei Stealer Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.