General
Target: ca212bc136143602857c108899f4a842d456e9bb4218920b22c25f63bbf67610
Size: 306KB
Sample: 220908-tjqheacber
MD5: 805113727f1454f88a2eaa99bd0b1dc6
SHA1: 42ec32c57be490b607df2c18c43ff638d4d95e51
SHA256: ca212bc136143602857c108899f4a842d456e9bb4218920b22c25f63bbf67610
SHA512: 4abe082e34464860362b87407392cbdcb1752361d62bd3c9f601a7030c5faafb8ebfc04ca8ed99651d5e8067214fef15dde4a758c00505acfecbb2a15de6c4e4
SSDEEP: 6144:VehWrb+clwmr5DPzlQvzVuK6MAIISPe/TNj5eOWMJ:VTbtwmN7ZQvzM+RI5/beE
Static task: static1
Behavioral task: behavioral1
Sample: ca212bc136143602857c108899f4a842d456e9bb4218920b22c25f63bbf67610.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
mario_new
176.122.23.55:11768
auth_value: eeee8d5fcc3ba3a42094ef260c5bdcb4
Extracted: socelars
https://hueduy.s3.eu-west-1.amazonaws.com/dhfry901/
Targets
- Detects Smokeloader packer
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext