General
-
Target
88b57828bea85db74dd4512bcf12edc5.exe
-
Size
281KB
-
Sample
220922-l43dpsegem
-
MD5
88b57828bea85db74dd4512bcf12edc5
-
SHA1
02bb121a1cd968b0154eeefbd1b556a7d0572c96
-
SHA256
fa1597898a74d717afcad5809dad53880d34f25f106736bb3fd4835e93204ae1
-
SHA512
6c7c3188cac327e8fb04af4ac7f0d146ac893583744ead90b63aa64b1e89aadefe0f0c4e75343a384914616ed2845effd13f1e5f19dce654229ff4d4def593f0
-
SSDEEP
6144:eFaT3b20OhwFj/P5tjfc7G19CDb0ZiigavwVf:eFaTCAFj/R1fc7tsp
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
-
auth_value
56c6f7b9024c076f0a96931453da7e56
Targets
-
-
Target
88b57828bea85db74dd4512bcf12edc5.exe
-
Size
281KB
-
MD5
88b57828bea85db74dd4512bcf12edc5
-
SHA1
02bb121a1cd968b0154eeefbd1b556a7d0572c96
-
SHA256
fa1597898a74d717afcad5809dad53880d34f25f106736bb3fd4835e93204ae1
-
SHA512
6c7c3188cac327e8fb04af4ac7f0d146ac893583744ead90b63aa64b1e89aadefe0f0c4e75343a384914616ed2845effd13f1e5f19dce654229ff4d4def593f0
-
SSDEEP
6144:eFaT3b20OhwFj/P5tjfc7G19CDb0ZiigavwVf:eFaTCAFj/R1fc7tsp
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-