General
-
Target
ac4ac9ae95f9b2b20f7b096d3b6ade8cb40a476ffe5567c0fca714ea6c05a8ae
-
Size
280KB
-
Sample
220922-yblxgacca9
-
MD5
2d78e577e1d23eabb3a50b6db212b52e
-
SHA1
f488354e34b96053c9ff0b14dbef22e953bce5d9
-
SHA256
ac4ac9ae95f9b2b20f7b096d3b6ade8cb40a476ffe5567c0fca714ea6c05a8ae
-
SHA512
4886732e3a00347852fd5643cd710af914675a7fc521895dc6089f8d1d029baae6e3ff9e97251ea77ab544ffe6e618eee64baad152f9a1f9c86c120cbc8216cb
-
SSDEEP
6144:+WtYjXbvL4sz+kO5DLy2Bv0B/OEigavwVfgD:+WtUrvz+kOVLy2eB/aT
Static task
static1
Behavioral task
behavioral1
Sample
ac4ac9ae95f9b2b20f7b096d3b6ade8cb40a476ffe5567c0fca714ea6c05a8ae.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
-
auth_value
56c6f7b9024c076f0a96931453da7e56
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
ac4ac9ae95f9b2b20f7b096d3b6ade8cb40a476ffe5567c0fca714ea6c05a8ae
-
Size
280KB
-
MD5
2d78e577e1d23eabb3a50b6db212b52e
-
SHA1
f488354e34b96053c9ff0b14dbef22e953bce5d9
-
SHA256
ac4ac9ae95f9b2b20f7b096d3b6ade8cb40a476ffe5567c0fca714ea6c05a8ae
-
SHA512
4886732e3a00347852fd5643cd710af914675a7fc521895dc6089f8d1d029baae6e3ff9e97251ea77ab544ffe6e618eee64baad152f9a1f9c86c120cbc8216cb
-
SSDEEP
6144:+WtYjXbvL4sz+kO5DLy2Bv0B/OEigavwVfgD:+WtUrvz+kOVLy2eB/aT
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-