General
- Target: f9fcf77627f218d8296e09f6aee34a0fb88c657c48430be774d6e44baf77a7c5
- Size: 279KB
- Sample: 220922-t58k4sbhe9
- MD5: d68238a05949d369e33026464a81673f
- SHA1: 24d6e6c0ed4471c43e61121e3ca1ba0abaeef693
- SHA256: f9fcf77627f218d8296e09f6aee34a0fb88c657c48430be774d6e44baf77a7c5
- SHA512: 46cd38e378bf29b9e653a118046170b079c638d3654724a6700420b467321796727a047481ac519d4b75d432b28631683b6d4512ef12e8d405cce0b01646094d
- SSDEEP: 6144:3V+UkV++rLQwaCXGxS4BX0XojNw0E8knigavwVf1:3V+FXPaCXGxzB3E8x
Static task: static1
Behavioral task: behavioral1
Sample: f9fcf77627f218d8296e09f6aee34a0fb88c657c48430be774d6e44baf77a7c5.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
- auth_value: 56c6f7b9024c076f0a96931453da7e56
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext