General
Target: f78aded0d4f78baa5945c5adfe1ae70e42fb8051c50707339156d5012a3bc433
Size: 3.5MB
Sample: 220315-r5ab7sche6
MD5: c4ff6b45590ecd980bc99be90c2a1f8e
SHA1: 8e36bb49a70ffdac74bef9e94549669111628c91
SHA256: f78aded0d4f78baa5945c5adfe1ae70e42fb8051c50707339156d5012a3bc433
SHA512: e670988e65751018a545a2f070b50d3c67bd9868d5f577e8c57b5dac8cd08f6db4f6db9de823678e3c0c0b4eb95dcb63aacaa944149c38579fa4c3472c813980
Static task: static1
Behavioral task: behavioral1
Sample: f78aded0d4f78baa5945c5adfe1ae70e42fb8051c50707339156d5012a3bc433.exe
Resource: win7-20220311-en
Malware Config
Extracted: redline
Ani
yaklalau.xyz:80
Extracted: vidar
39.3
706
https://bandakere.tumblr.com/
profile_id: 706
Extracted: smokeloader
2020
http://ppcspb.com/upload/
http://mebbing.com/upload/
http://twcamel.com/upload/
http://howdycash.com/upload/
http://lahuertasonora.com/upload/
http://kpotiques.com/upload/
Targets
Target: f78aded0d4f78baa5945c5adfe1ae70e42fb8051c50707339156d5012a3bc433
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Vidar Stealer
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext