General
Target: 35fc6d1e464799851b89408a05bbf195ab4e93a8e6d7fcd54ba00020083893c9
Size: 280KB
Sample: 220923-bt2z3scga5
MD5: 7f483f7d3bb6769ea58c86abcb15ee25
SHA1: 387f3d795878ca61ae399f089347cd6eb9b4f813
SHA256: 35fc6d1e464799851b89408a05bbf195ab4e93a8e6d7fcd54ba00020083893c9
SHA512: 2a808f2f67fde593beaba0b33667996d2855150e0020215a46bd6a2f6f359303f694fea60f62446aa6de8f4b8a25550f09bd478d116d6e9805499a13759efb5b
SSDEEP: 6144:Vf+ChsoLyOwwDOkVQKy8mutONIUiB0mwfIigavwVf:Vf+gxuOwwD/PP1tg1fmi1
Static task: static1
Behavioral task: behavioral1
Sample: 35fc6d1e464799851b89408a05bbf195ab4e93a8e6d7fcd54ba00020083893c9.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
auth_value: 56c6f7b9024c076f0a96931453da7e56
Extracted: tofsee
svartalfheim.top
jotunheim.name
Targets
Target: 35fc6d1e464799851b89408a05bbf195ab4e93a8e6d7fcd54ba00020083893c9
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext