General
Target: a508436df55c291b28b9f0ea5150507ea0eb0b37440d433496d317c331f59c1f
Size: 280KB
Sample: 220922-schcsabga6
MD5: 43154d9a789710ee99d50a092789046d
SHA1: 9ec9ba2b6551bd07048526ba4942e6cc06adbeb8
SHA256: a508436df55c291b28b9f0ea5150507ea0eb0b37440d433496d317c331f59c1f
SHA512: 0faf26e68b4b027075dfd752b45e545411935c47717842d00a853ae3ef049b275eeaf79f5d9fdc6e6680cd96bddf65647969c01c893084fb05bd04899eb9aa73
SSDEEP: 6144:qF0lzg6P+vL7t88yKAYV65PA9d0PVigavwVf9RD:qFcNMq8yKAYVyjAI
Static task: static1
Behavioral task: behavioral1
Sample: a508436df55c291b28b9f0ea5150507ea0eb0b37440d433496d317c331f59c1f.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
auth_value: 56c6f7b9024c076f0a96931453da7e56
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext