General
Target: b937942f7bcaf8fa54418e1a83e6c61fbbeec6da0fa5f50978d8a6c06447c86a
Size: 294KB
Sample: 220908-xsswnsfcg8
MD5: 582d22029015a45bcd36cc3b66834e03
SHA1: 22fcdc2c63ef7143ac17f9c88b997e933132e930
SHA256: b937942f7bcaf8fa54418e1a83e6c61fbbeec6da0fa5f50978d8a6c06447c86a
SHA512: caeba3b98bae3ec9a7e69a16633b63751c787387cb90ee6e9adfbb2d54a2e33f4af829845a614d33c17dd903592fd25af59bc3837c5efd0891fcb80028e8961d
SSDEEP: 6144:GehWYdtt5tMrJzP+l3THZUHjyekoYQtSYio3/xp2Fqe:GAdFtM9Lu3TH2uDohZ3Qq
Static task: static1
Behavioral task: behavioral1
Sample: b937942f7bcaf8fa54418e1a83e6c61fbbeec6da0fa5f50978d8a6c06447c86a.exe
Resource: win10-20220812-en
Malware Config

Extracted: redline
  mario_new
  176.122.23.55:11768
  auth_value: eeee8d5fcc3ba3a42094ef260c5bdcb4

Extracted: redline
  1337
  78.153.144.6:2510
  auth_value: b0447922bcbc2eda83260a9e7a638f45

Extracted: socelars
  https://hueduy.s3.eu-west-1.amazonaws.com/dhfry901/

Extracted: redline
  nam5
  103.89.90.61:34589
  auth_value: f23be8e9063fe5d0c6fc3ee8e7d565bd

Extracted: raccoon
  567d5bff28c2a18132d2f88511f07435
  http://116.203.167.5/
  http://195.201.248.58/
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Socelars payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext