General
-
Target
8d84fbaf04aa367f5b193fec39e6c846.exe
-
Size
274KB
-
Sample
220922-eegx5sddhn
-
MD5
8d84fbaf04aa367f5b193fec39e6c846
-
SHA1
51e674d175baa2f0dcc70e52642d5a1accec2dfc
-
SHA256
11212a25a03d681bfb1a7b537b8e066c09d506a30728bd377d47480d8274847a
-
SHA512
43e73a0c1a533d42f76d31d6b6763e5d9523f65add668b75a34cc7ebb82ccd3ae41688ab5d6478c8213dda108143b31fb2be31317e060c1790e8681cfa019b10
-
SSDEEP
3072:e85Xy/AkR0X6iYF5I8CS9SodNY8KYq8TX8FVL9g0Ky046SsxkgaBChEpZa9uD6V0:e4yxARZS9LdNoACh9g0XaigavwVfs
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
-
auth_value
56c6f7b9024c076f0a96931453da7e56
Targets
-
-
Target
8d84fbaf04aa367f5b193fec39e6c846.exe
-
Size
274KB
-
MD5
8d84fbaf04aa367f5b193fec39e6c846
-
SHA1
51e674d175baa2f0dcc70e52642d5a1accec2dfc
-
SHA256
11212a25a03d681bfb1a7b537b8e066c09d506a30728bd377d47480d8274847a
-
SHA512
43e73a0c1a533d42f76d31d6b6763e5d9523f65add668b75a34cc7ebb82ccd3ae41688ab5d6478c8213dda108143b31fb2be31317e060c1790e8681cfa019b10
-
SSDEEP
3072:e85Xy/AkR0X6iYF5I8CS9SodNY8KYq8TX8FVL9g0Ky046SsxkgaBChEpZa9uD6V0:e4yxARZS9LdNoACh9g0XaigavwVfs
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-