General
-
Target
29466d5093964da3c192dd90ae1af32d46d3161eabfc9181119fa899fd885af3
-
Size
173KB
-
Sample
220921-261kwschcn
-
MD5
3f3748a9b0818417895430789d416bf3
-
SHA1
75a138817575cc8eff12163d019c0a6e16326c73
-
SHA256
29466d5093964da3c192dd90ae1af32d46d3161eabfc9181119fa899fd885af3
-
SHA512
e7173d1c2479272d9a88ca55af73407d92931a174cbb2240c5a3edc31f8347925a80351d320034d64f5ff6568d8bc3aabe88d0aeaa334dfbf5b938720d1009ef
-
SSDEEP
3072:p2NkLLeHk5SIh7gQK2Ke6XJE9eLu74mF+TYB91Y/Pk9Dn:8OL4FImQ/6X7y7PQTe
Static task
static1
Behavioral task
behavioral1
Sample
29466d5093964da3c192dd90ae1af32d46d3161eabfc9181119fa899fd885af3.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
-
auth_value
56c6f7b9024c076f0a96931453da7e56
Targets
-
-
Target
29466d5093964da3c192dd90ae1af32d46d3161eabfc9181119fa899fd885af3
-
Size
173KB
-
MD5
3f3748a9b0818417895430789d416bf3
-
SHA1
75a138817575cc8eff12163d019c0a6e16326c73
-
SHA256
29466d5093964da3c192dd90ae1af32d46d3161eabfc9181119fa899fd885af3
-
SHA512
e7173d1c2479272d9a88ca55af73407d92931a174cbb2240c5a3edc31f8347925a80351d320034d64f5ff6568d8bc3aabe88d0aeaa334dfbf5b938720d1009ef
-
SSDEEP
3072:p2NkLLeHk5SIh7gQK2Ke6XJE9eLu74mF+TYB91Y/Pk9Dn:8OL4FImQ/6X7y7PQTe
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-