General
-
Target
6658d1722940229f9e5b6242d842d47743a1b3a651601348de02db318018506f
-
Size
280KB
-
Sample
220922-xa3yxscbe7
-
MD5
fff29c99cbdf93e61c1e587ba9258a08
-
SHA1
be90f599470b8c33cd0d62579f6cd4d237cd9a4a
-
SHA256
6658d1722940229f9e5b6242d842d47743a1b3a651601348de02db318018506f
-
SHA512
b05bb9ec8f9160a7628e2c62f1bebcf637ecf1f23a7a55398a22872d8a3ffe03f7f076fc28ec07759a13453256ae6f3fc0fb508fe67b20e42aca1f3081d608ea
-
SSDEEP
6144:/HXMbT0OdLqfp+kbxMenO+Znf05R81igavwVfX:/HXS0SGp+kbhHK5R8Y
Static task
static1
Behavioral task
behavioral1
Sample
6658d1722940229f9e5b6242d842d47743a1b3a651601348de02db318018506f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
-
auth_value
56c6f7b9024c076f0a96931453da7e56
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
6658d1722940229f9e5b6242d842d47743a1b3a651601348de02db318018506f
-
Size
280KB
-
MD5
fff29c99cbdf93e61c1e587ba9258a08
-
SHA1
be90f599470b8c33cd0d62579f6cd4d237cd9a4a
-
SHA256
6658d1722940229f9e5b6242d842d47743a1b3a651601348de02db318018506f
-
SHA512
b05bb9ec8f9160a7628e2c62f1bebcf637ecf1f23a7a55398a22872d8a3ffe03f7f076fc28ec07759a13453256ae6f3fc0fb508fe67b20e42aca1f3081d608ea
-
SSDEEP
6144:/HXMbT0OdLqfp+kbxMenO+Znf05R81igavwVfX:/HXS0SGp+kbhHK5R8Y
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-