General
Target: 878dd2cdb73f4e0b533dc811cf5841c8.exe
Size: 173KB
Sample: 220921-1qf1wacfgp
MD5: 878dd2cdb73f4e0b533dc811cf5841c8
SHA1: 0c3795bdd8863b08f6db06bb9df0ded7a85ab318
SHA256: 427c95ff1528c467e90476ee77b6f7b04a587113629e254e82e5bbdfcbf92bb7
SHA512: 5e0371b51cc8e62af101df8ac3f5a3367b843e54f5db168fadca2eabd3d07fd1aa564de9a2f0c54cc492cb31d175d2d42b8316c1e768957187e6f64b568c3ddb
SSDEEP: 3072:FfLsLZjc5d2z2+nQbSqvqDpsanMZz/wB5XL/v/Pk9Dn:9ILNdznnGSgqkFmL/
Static task: static1
Behavioral task: behavioral1
  Sample: 878dd2cdb73f4e0b533dc811cf5841c8.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 878dd2cdb73f4e0b533dc811cf5841c8.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
  LogsDiller Cloud (Sup: @mr_golds)
  77.73.134.27:8163
  auth_value: 56c6f7b9024c076f0a96931453da7e56
Extracted: raccoon
  4e187ce10576e2a00834f1b52791b121
  http://74.119.194.185/
Targets
Target: 878dd2cdb73f4e0b533dc811cf5841c8.exe (173KB; hashes as listed under General)
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext