General
Target: df2ea3e0855a244ecd99b5ad00947b5c18f003907c6b7fa841c202cd614e4c4e
Size: 281KB
Sample: 220922-ha7jsaeadj
MD5: d491d8b8c7657c51fbf7b5f7b4a78442
SHA1: 08d8817610f546c2b6b7ffe3623449ff3faf3c6e
SHA256: df2ea3e0855a244ecd99b5ad00947b5c18f003907c6b7fa841c202cd614e4c4e
SHA512: 96d397cdc3e71061e336954c448351c85d6ca7fe3448fdc357dcf2ed942ff9ea5a359ac60a568fb7c0f5c173b3a3a1d65ea5e468701559076ff2a1584e0ca954
SSDEEP: 6144:Idy/TH08FoFD7GkyBxnO2Sp804lBjazigavwVfV:Idy/YNFD7GkwOx4T+O

Static task: static1
Behavioral task: behavioral1
Sample: df2ea3e0855a244ecd99b5ad00947b5c18f003907c6b7fa841c202cd614e4c4e.exe
Resource: win10v2004-20220901-en

Malware Config
Extracted: redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
auth_value: 56c6f7b9024c076f0a96931453da7e56

Targets
Target: df2ea3e0855a244ecd99b5ad00947b5c18f003907c6b7fa841c202cd614e4c4e
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext