General

Target: 2ab82bd451838c0923cd04892c5567f9e60d6f72e3bc5286c2374e4cd7d712f6
Size: 273KB
Sample: 220922-c5frnahfd5
MD5: 7743757c264cb5f69b6d44e78420298b
SHA1: 26abfaeffce65842da7c60191d104f185b437193
SHA256: 2ab82bd451838c0923cd04892c5567f9e60d6f72e3bc5286c2374e4cd7d712f6
SHA512: 2db9ee5f2d93398926a7f7ba8a3884679913a88d6793fe4e669b5260f44176b31794e48a76766997ca9b910a5561cf28bf3d6f7008719d0e2cc9012b15e63871
SSDEEP: 6144:z8jLVJSj0p4zi0iD320ARRW5migavwVfl:z8jLVkj0p4+bHARRW57i
Static task: static1
Behavioral task: behavioral1
Sample: 2ab82bd451838c0923cd04892c5567f9e60d6f72e3bc5286c2374e4cd7d712f6.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted family: redline
Botnet: LogsDiller Cloud (Sup: @mr_golds)
C2: 77.73.134.27:8163
auth_value: 56c6f7b9024c076f0a96931453da7e56
Targets

Target: 2ab82bd451838c0923cd04892c5567f9e60d6f72e3bc5286c2374e4cd7d712f6
Size: 273KB
MD5: 7743757c264cb5f69b6d44e78420298b
SHA1: 26abfaeffce65842da7c60191d104f185b437193
SHA256: 2ab82bd451838c0923cd04892c5567f9e60d6f72e3bc5286c2374e4cd7d712f6
SHA512: 2db9ee5f2d93398926a7f7ba8a3884679913a88d6793fe4e669b5260f44176b31794e48a76766997ca9b910a5561cf28bf3d6f7008719d0e2cc9012b15e63871
SSDEEP: 6144:z8jLVJSj0p4zi0iD320ARRW5migavwVfl:z8jLVkj0p4+bHARRW57i

Signatures:
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext