General
-
Target
73da121d98bdca9426ff5a71556d343d.exe
-
Size
280KB
-
Sample
220923-gxl1xshccq
-
MD5
73da121d98bdca9426ff5a71556d343d
-
SHA1
a961be6cb8e7a12727e4ef2e67037fd9b530688d
-
SHA256
da59178b5bdf3c372a7ee466713990a0021e2ac5880b8d19b2ddb035ca0e2c9c
-
SHA512
aed31e0f79037a85e455bf679ca0cbda3262e949fab4b21b83ab58367ce63e16e7bef3365bc94a20efe2395077d30670181dda47da68ad4efceca89d0c578fa9
-
SSDEEP
6144:8BKNEDlt+TLUPyCMk9lgIiYW8VexrYYvL0+1ELigavwVfJ:8BCG+syCMkbiYW8exrYYI2
Static task
static1
Behavioral task
behavioral1
Sample
73da121d98bdca9426ff5a71556d343d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
73da121d98bdca9426ff5a71556d343d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
LogsDiller Cloud (Sup: @mr_golds)
77.73.134.27:8163
-
auth_value
56c6f7b9024c076f0a96931453da7e56
Extracted
tofsee
svartalfheim.top
jotunheim.name
Targets
-
-
Target
73da121d98bdca9426ff5a71556d343d.exe
-
Size
280KB
-
MD5
73da121d98bdca9426ff5a71556d343d
-
SHA1
a961be6cb8e7a12727e4ef2e67037fd9b530688d
-
SHA256
da59178b5bdf3c372a7ee466713990a0021e2ac5880b8d19b2ddb035ca0e2c9c
-
SHA512
aed31e0f79037a85e455bf679ca0cbda3262e949fab4b21b83ab58367ce63e16e7bef3365bc94a20efe2395077d30670181dda47da68ad4efceca89d0c578fa9
-
SSDEEP
6144:8BKNEDlt+TLUPyCMk9lgIiYW8VexrYYvL0+1ELigavwVfJ:8BCG+syCMkbiYW8exrYYI2
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
XMRig Miner payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-