General
- Target: 9ba8c7dab5d07b598f4b35471c9e43fbb3ebd4558ec9243093c7bc8bd59fbfb6
- Size: 170KB
- Sample: 220923-hgyv8ahchp
- MD5: 1b8b05a2b79ddfb0d6a04ae15099ee10
- SHA1: 13115be914e8408849c9a7c77d6259eff18a6c16
- SHA256: 9ba8c7dab5d07b598f4b35471c9e43fbb3ebd4558ec9243093c7bc8bd59fbfb6
- SHA512: 3b960a23c67ae39b22b6673501caed3eb65ab33120892ca3e5cbf45b12b3eafcd680bf16d53b0f2be8a93cb1401d3ffda225307da1a08bd59a64655681f1ff7f
- SSDEEP: 3072:cPBL8sV5afyniZd2ybUcqgEGywBISBhUNf/PkWDn:SLNyfhZd22UetiSjUN
Static task: static1
Behavioral task: behavioral1
- Sample: 9ba8c7dab5d07b598f4b35471c9e43fbb3ebd4558ec9243093c7bc8bd59fbfb6.exe
- Resource: win10-20220901-en
Malware Config
Extracted: tofsee
- svartalfheim.top
- jotunheim.name
Extracted: redline
- LogsDiller Cloud (Sup: @mr_golds)
- 77.73.134.27:8163
- auth_value: 56c6f7b9024c076f0a96931453da7e56
Targets
- Target: 9ba8c7dab5d07b598f4b35471c9e43fbb3ebd4558ec9243093c7bc8bd59fbfb6
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext