General

Target: d14b20c4eb8676d6b311af2e9dde7f93.exe
Size: 124KB
Sample: 211030-gx7mmaeee4
MD5: d14b20c4eb8676d6b311af2e9dde7f93
SHA1: 83fc9c84a0e1c37c2144a3ef9bec83a0569847bb
SHA256: a3cf60a275c70b3b79a12f40ef477ceacc35b66209856fafe770df228df08de4
SHA512: cbc5bcfd7251ffb7c8b7d5c9795a2f502f52dde24b7b475996684ad080b808b0996ffeb43020bd31c8453d2243e0d23d108fc8255aea2f48de62d9572a510014
Static task: static1
Behavioral task: behavioral1
  Sample: d14b20c4eb8676d6b311af2e9dde7f93.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: d14b20c4eb8676d6b311af2e9dde7f93.exe
  Resource: win10-en-20211014
Malware Config

Extracted
Family: redline
C2: 80.66.87.50:80

Extracted
Family: smokeloader
Version: 2020
C2:
http://planilhasvba.com.br/wp-admin/js/k/index.php
http://rpk32ubon.ac.th/backup/k/index.php
http://4urhappiness.com/app/k/index.php
http://swedenkhabar.com/wp-admin/js/k/index.php
http://cio.lankapanel.net/wp-admin/js/k/index.php
http://fcmsites.com.br/canal/wp-admin/js/k/index.php
http://lacoibipitanga.com.br/maxart/k/index.php
http://lacoibipitanga.com.br/cgi-bin/k/index.php
http://video.nalahotel.com/k/index.php
http://diving-phocea.com/wp-admin/k/index.php
http://phocea-sudan.com/cgi-bin/k/index.php
http://rpk32ubon.ac.th/wp-admin/js/k/index.php
https://www.twinrealty.com/vworker/k/index.php

Extracted
Family: redline
Botnet: 223
C2: 23.94.183.146:60709
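The extracted configs above give two kinds of network indicator: raw TCP sockets for the RedLine C2s and full URLs for the SmokeLoader C2s. The SmokeLoader paths sit under ordinary-looking web sites (wp-admin, cgi-bin directories on .com.br and .ac.th hosts), so matching on the host name alone would also flag legitimate browsing to those sites; the useful match is host plus path. The following is an added example, not part of the sandbox report: the indicator values are copied from the configs above, but the log line layout (timestamp, source, destination:port, method, URL), the regex that parses it and the SAMPLE_LOG lines are all constructed for illustration.

```python
"""Match proxy/flow log lines against the RedLine and SmokeLoader C2 values
extracted above.  Added example: the indicator values are copied from the
report; the log format, parser and SAMPLE_LOG lines are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# RedLine C2 sockets from the two extracted redline configs (host, port).
REDLINE_C2 = {("80.66.87.50", 80), ("23.94.183.146", 60709)}

# SmokeLoader C2 URLs from the extracted smokeloader config.
SMOKELOADER_C2_URLS = [
    "http://planilhasvba.com.br/wp-admin/js/k/index.php",
    "http://rpk32ubon.ac.th/backup/k/index.php",
    "http://4urhappiness.com/app/k/index.php",
    "http://swedenkhabar.com/wp-admin/js/k/index.php",
    "http://cio.lankapanel.net/wp-admin/js/k/index.php",
    "http://fcmsites.com.br/canal/wp-admin/js/k/index.php",
    "http://lacoibipitanga.com.br/maxart/k/index.php",
    "http://lacoibipitanga.com.br/cgi-bin/k/index.php",
    "http://video.nalahotel.com/k/index.php",
    "http://diving-phocea.com/wp-admin/k/index.php",
    "http://phocea-sudan.com/cgi-bin/k/index.php",
    "http://rpk32ubon.ac.th/wp-admin/js/k/index.php",
    "https://www.twinrealty.com/vworker/k/index.php",
]

# Index by (host, path): the C2 paths live under ordinary web sites, so a
# host-only match would also flag normal visits to those sites.
_SMOKE_INDEX = {
    ((urlsplit(u).hostname or "").lower(), urlsplit(u).path): u
    for u in SMOKELOADER_C2_URLS
}


@dataclass(frozen=True)
class Hit:
    family: str
    indicator: str


# Constructed line layout: ts src dst:port method url  ('-' when no HTTP layer).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^\s:]+):(?P<port>\d+) (?P<method>\S+) (?P<url>\S+)$"
)

# Constructed sample lines (not captured traffic).  Line 3 visits a listed host
# on a different path and line 4 hits a listed IP on a different port: neither
# should match.
SAMPLE_LOG = """\
2021-10-30T12:00:01Z 10.0.0.5 23.94.183.146:60709 - -
2021-10-30T12:00:03Z 10.0.0.5 203.0.113.7:443 GET https://www.twinrealty.com/vworker/k/index.php
2021-10-30T12:00:05Z 10.0.0.9 203.0.113.8:80 GET http://rpk32ubon.ac.th/index.php
2021-10-30T12:00:09Z 10.0.0.9 80.66.87.50:8080 - -
"""


def check_line(line: str) -> list[Hit]:
    """Return the indicators a single log line matches (empty list if none)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparsed log line: {line!r}")
    hits: list[Hit] = []
    # Socket match needs both address and port: 80.66.87.50:8080 is not a hit.
    if (m["dst"], int(m["port"])) in REDLINE_C2:
        hits.append(Hit("redline", f"{m['dst']}:{m['port']}"))
    if m["url"] != "-":
        u = urlsplit(m["url"])
        key = ((u.hostname or "").lower(), u.path)
        if key in _SMOKE_INDEX:
            hits.append(Hit("smokeloader", _SMOKE_INDEX[key]))
    return hits


def scan(log_text: str) -> dict[int, list[Hit]]:
    """Map 1-based line numbers to their hits, skipping blank lines."""
    results: dict[int, list[Hit]] = {}
    for n, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        hits = check_line(line)
        if hits:
            results[n] = hits
    return results


if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        for h in hits:
            print(f"line {n}: {h.family} C2 {h.indicator}")
```

Run as a script it reports lines 1 and 2 only. The port check on the RedLine sockets and the path check on the SmokeLoader URLs are deliberate: both C2 families here reuse infrastructure (a web server, a shared host) that carries unrelated traffic, so the looser match trades a few extra detections for a lot of noise.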
Targets

Target: d14b20c4eb8676d6b311af2e9dde7f93.exe
Size: 124KB
MD5: d14b20c4eb8676d6b311af2e9dde7f93
SHA1: 83fc9c84a0e1c37c2144a3ef9bec83a0569847bb
SHA256: a3cf60a275c70b3b79a12f40ef477ceacc35b66209856fafe770df228df08de4
SHA512: cbc5bcfd7251ffb7c8b7d5c9795a2f502f52dde24b7b475996684ad080b808b0996ffeb43020bd31c8453d2243e0d23d108fc8255aea2f48de62d9572a510014
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Nirsoft
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
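Of the behaviours listed above, the Run key write is the one that leaves a clean trace in endpoint telemetry: Sysmon Event ID 13 records a registry value being set, with the writing process in Image, the key in TargetObject and the stored command in Details. The Uninstall key enumeration does not, because Sysmon logs key creation, value sets and renames but not reads; seeing that needs a sandbox or an ETW registry trace. The following is an added example, not part of the sandbox report or of Sysmon: the field names are Sysmon's, but the events in SAMPLE_EVENTS are constructed (the writing image on the first event is named after the sample, the value names, SIDs and paths are invented), and the "user-writable target" severity rule is this example's own heuristic, pairing the Run key write with the "Executes dropped EXE" behaviour.

```python
"""Flag Run/RunOnce persistence from Sysmon Event ID 13 (registry value set)
records.  Added example: the field names (Image, TargetObject, Details) are
Sysmon's; the events below and the severity heuristic are constructed."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Run / RunOnce under HKLM or a user hive (HKU\<SID>\...), 32-bit view included.
RUN_KEY_RE = re.compile(
    r"^(?:HKLM|HKU\\[^\\]+)\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\(?P<key>Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Directories a dropper can write without elevation.  An autorun pointing here
# is what "Executes dropped EXE" plus "Adds Run key" looks like in telemetry.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


@dataclass(frozen=True)
class Alert:
    severity: str      # "high" when the autorun target is user-writable
    value_name: str    # Run value name that was written
    target: str        # executable stored in the value
    writer: str        # process that wrote it (Sysmon Image)


def _first_path(details: str) -> str:
    """Extract the executable path from a Run value (strips quotes/arguments)."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    return d.split(" ", 1)[0]


def run_key_alerts(events: list[dict]) -> list[Alert]:
    """Return one Alert per Event ID 13 record that sets a Run/RunOnce value."""
    alerts: list[Alert] = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = RUN_KEY_RE.match(ev.get("TargetObject", ""))
        if not m:
            continue
        target = _first_path(ev.get("Details", ""))
        sev = "high" if any(p in target.lower() for p in USER_WRITABLE) else "medium"
        alerts.append(Alert(sev, m["value"], target, ev.get("Image", "")))
    return alerts


def parse_jsonl(text: str) -> list[dict]:
    """Parse one JSON object per line (the shape most SIEM exports use)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed events: (1) the sample writing an autorun to an AppData path,
# (2) a system component writing an autorun to System32, (3) an unrelated
# registry write, (4) a RunOnce value written through the Wow6432Node view.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Users\\user\\Desktop\\d14b20c4eb8676d6b311af2e9dde7f93.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "\"C:\\Users\\user\\AppData\\Roaming\\updater\\updater.exe\" /silent"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth", "Details": "C:\\Windows\\System32\\SecurityHealthSystray.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\b.exe", "TargetObject": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\svc", "Details": "C:\\ProgramData\\svc\\svc.exe"}
"""


if __name__ == "__main__":
    for a in run_key_alerts(parse_jsonl(SAMPLE_EVENTS)):
        print(f"[{a.severity}] Run\\{a.value_name} -> {a.target} (written by {a.writer})")
```

Every Run value write is reported, because the key itself is the persistence mechanism; the severity only reflects where the autorun points. A real deployment would add an allow-list for known installers writing to HKLM, but would keep the user-hive writes from user-writable paths at full weight, since that is exactly the pattern of a dropped stealer registering itself.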