General
-
Target
fb2aaed41e10a45d994d737dcd3a12ba69dfdf25282b8e6e51bd0066f8d82b6d
-
Size
200KB
-
Sample
220924-b4y16sbfgr
-
MD5
c587ed22b40e00f49503976e8f5de5bb
-
SHA1
d2053198d537f77bd3796fbb2715edf13fd51fd7
-
SHA256
fb2aaed41e10a45d994d737dcd3a12ba69dfdf25282b8e6e51bd0066f8d82b6d
-
SHA512
75fda399ce1dc896561ab4faed8bc70b808ffa4048af83e5e359767242f2a91e7b7da1e0fb256591da3257227f9b6a3c516c948c456a2db9436fdbf478b4ebff
-
SSDEEP
3072:awpOnSM2Lbffbg85mxDJx26XZCXNbOnHt8yKYBgm8bQ/Pkj4x:acttLbb0VMS+JON8y6J
Static task
static1
Behavioral task
behavioral1
Sample
fb2aaed41e10a45d994d737dcd3a12ba69dfdf25282b8e6e51bd0066f8d82b6d.exe
Resource
win10-20220812-en
Malware Config
Extracted
tofsee
svartalfheim.top
jotunheim.name
Extracted
redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:8163
-
auth_value
4b2de03af6b6ac513ac597c2e6c1ad51
Extracted
redline
32489234
78.153.144.6:2510
-
auth_value
ad7ebeff731e5655a1b7feb5e468ead2
Targets
-
-
Target
fb2aaed41e10a45d994d737dcd3a12ba69dfdf25282b8e6e51bd0066f8d82b6d
-
Size
200KB
-
MD5
c587ed22b40e00f49503976e8f5de5bb
-
SHA1
d2053198d537f77bd3796fbb2715edf13fd51fd7
-
SHA256
fb2aaed41e10a45d994d737dcd3a12ba69dfdf25282b8e6e51bd0066f8d82b6d
-
SHA512
75fda399ce1dc896561ab4faed8bc70b808ffa4048af83e5e359767242f2a91e7b7da1e0fb256591da3257227f9b6a3c516c948c456a2db9436fdbf478b4ebff
-
SSDEEP
3072:awpOnSM2Lbffbg85mxDJx26XZCXNbOnHt8yKYBgm8bQ/Pkj4x:acttLbb0VMS+JON8y6J
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Creates new service(s)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-