General
Target: 522ad942f89593d63bd90ea186da89aa0f015d4238897f410494b4575ff88b60
Size: 3.3MB
Sample: 220310-wy5lzsdabl
MD5: 0362878634b7283828d514a5561e331f
SHA1: d3096f892545af016fe2663d4b652b3e0e92dd25
SHA256: 522ad942f89593d63bd90ea186da89aa0f015d4238897f410494b4575ff88b60
SHA512: 23c2fdafb4efb343ef6a4ac61669e4ed7f9af41722b54e203b9637931a2cf121f532095236910c29dac7548e677b9b598aa4ffd11354f73731226d3a3ef9355e
Static task: static1
Behavioral task: behavioral1
Sample: 522ad942f89593d63bd90ea186da89aa0f015d4238897f410494b4575ff88b60.exe
Resource: win7-20220223-en
Malware Config
Extracted: redline
  Ani
  yaklalau.xyz:80
Extracted: vidar
  39.3
  706
  https://bandakere.tumblr.com/
  profile_id: 706
Extracted: redline
  NCanal01
  pupdatastart.tech:80
  pupdatastart.xyz:80
  pupdatastar.store:80
Extracted: smokeloader
  2020
  http://ppcspb.com/upload/
  http://mebbing.com/upload/
  http://twcamel.com/upload/
  http://howdycash.com/upload/
  http://lahuertasonora.com/upload/
  http://kpotiques.com/upload/
Targets
Target: 522ad942f89593d63bd90ea186da89aa0f015d4238897f410494b4575ff88b60
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext