General
Target: a4b18ce54301fdad6c022f031fb60c656b730ac90399ee7b2a8ba2f675b0297e
Size: 132KB
Sample: 220924-s9mc1abef5
MD5: e6593cedd540ca0fe5b687a6e2af3019
SHA1: 2f9e30e5a81577b454b5664ef553ad915466400b
SHA256: a5b555abb09d733e2aa67f9b88dd42cbf9ab0ad2fd9bce1abaf9ef7319187c7f
SHA512: 4f4e11e1e956f1d7d52cfc94cc6c6af1ab3544da015b88a3e63eee5668e4971cd9ba19b10ba4681ed8d1c2eba7fb5b2c58e49e47682512812f61262a59961098
SSDEEP: 3072:RvR7/pfLA9UbUoDPaYxKb2LrpyrvmAoTS1k9+OmT6qpXLOc4Kdux+I275hGpcQv7:R5VfLAnojaoKbOEiBTSg82qpE5c5YZv7

The size and digests in this block describe the submitted file, which is not the same file as the target a4b18ce5... analysed below: its SHA256 is a5b555ab... and it is 132KB, while the target is 196KB and carries its own digests under Targets. Use the right set when pivoting on hashes.
Static task: static1
Behavioral task: behavioral1
  Sample: a4b18ce54301fdad6c022f031fb60c656b730ac90399ee7b2a8ba2f675b0297e.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: a4b18ce54301fdad6c022f031fb60c656b730ac90399ee7b2a8ba2f675b0297e.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: tofsee
  svartalfheim.top
  jotunheim.name
Extracted: redline
  LogsDiller Cloud (TG: @me_golds)
  77.73.134.27:7161
  auth_value: e136da06c7c0400f4091dab1787720ea
Targets
Target: a4b18ce54301fdad6c022f031fb60c656b730ac90399ee7b2a8ba2f675b0297e
Size: 196KB
MD5: 8e28c598cc3748e178fc122402d2efa5
SHA1: 645ecc9547792cf551c96fb361c10f020984dcbb
SHA256: a4b18ce54301fdad6c022f031fb60c656b730ac90399ee7b2a8ba2f675b0297e
SHA512: b4cb9af35ee6b9a0024bce852effe8bd7981b5d5eaf68721d758386004e3fa47c7cf70b773305a14a1d8c672831d411edd10fa68e391a1f5c9b9f53d8e9269b5
SSDEEP: 3072:cekgbLjJ+kMX85vXkfzoaIscnt0mQbeBtKTxPmv/Pka4x:hLgkM+00aIN8c
Signatures
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext
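The report publishes two distinct sets of digests (the submitted file and the 196KB target), and a practitioner matching a local file or a feed entry against them should compare all four algorithms in one pass and refuse a partial hit. The script below is an added example, not part of the sandbox report: the digest values are copied from the page, while the function names, the "general"/"target" labels and the sample bytes used for the self-check are assumptions of this example.

```python
"""Compare a local file, or a digest from a feed, against the report's hashes.

Added example, not part of the sandbox report. Digest values are copied from
the report; the labels, function names and sample bytes are assumptions.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Copied from the report. "general" is the submitted file (132KB), "target" is
# the analysed target a4b18ce5... (196KB); the report lists them as two files.
REPORT_HASHES = {
    "general": {
        "md5": "e6593cedd540ca0fe5b687a6e2af3019",
        "sha1": "2f9e30e5a81577b454b5664ef553ad915466400b",
        "sha256": "a5b555abb09d733e2aa67f9b88dd42cbf9ab0ad2fd9bce1abaf9ef7319187c7f",
        "sha512": "4f4e11e1e956f1d7d52cfc94cc6c6af1ab3544da015b88a3e63eee5668e4971c"
                  "d9ba19b10ba4681ed8d1c2eba7fb5b2c58e49e47682512812f61262a59961098",
    },
    "target": {
        "md5": "8e28c598cc3748e178fc122402d2efa5",
        "sha1": "645ecc9547792cf551c96fb361c10f020984dcbb",
        "sha256": "a4b18ce54301fdad6c022f031fb60c656b730ac90399ee7b2a8ba2f675b0297e",
        "sha512": "b4cb9af35ee6b9a0024bce852effe8bd7981b5d5eaf68721d758386004e3fa47"
                  "c7cf70b773305a14a1d8c672831d411edd10fa68e391a1f5c9b9f53d8e9269b5",
    },
}


def validate_report(report=REPORT_HASHES):
    """Check that every copied digest is lowercase hex of the right length.
    Catches a truncated or mis-pasted hash before it is used as an IOC."""
    for label, entry in report.items():
        for algo in ALGOS:
            value = entry[algo]
            if len(value) != HEX_LEN[algo] or any(c not in "0123456789abcdef" for c in value):
                raise ValueError(f"{label}/{algo}: malformed digest {value!r}")
    return True


def digest_chunks(chunks):
    """Hash a stream of byte chunks with all four algorithms in a single pass."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data):
    return digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Stream the file so large samples are never loaded into memory at once."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def match_report(digests, report=REPORT_HASHES):
    """Return the labels of report entries whose digests agree with `digests`.

    `digests` may hold any subset of ALGOS (a feed often publishes only one).
    If some supplied algorithms match an entry and others do not, the input is
    inconsistent (mislabelled or corrupted hash) and a ValueError is raised
    instead of reporting a silent partial hit.
    """
    compared = [algo for algo in ALGOS if algo in digests]
    if not compared:
        raise ValueError("no supported digest supplied")
    hits = []
    for label, expected in report.items():
        agreed = [algo for algo in compared if digests[algo].lower() == expected[algo]]
        if len(agreed) == len(compared):
            hits.append(label)
        elif agreed:
            differing = sorted(set(compared) - set(agreed))
            raise ValueError(f"{label}: {agreed} match but {differing} differ")
    return hits


if __name__ == "__main__":
    import sys
    validate_report()
    for path in sys.argv[1:]:  # file paths come from the user, not from the report
        d = digest_file(path)
        print(path, d["sha256"], match_report(d) or "no match")
```

Run it as `python check_hashes.py <file>` (script name assumed). Because `match_report` accepts a partial digest set, the same function serves both a full local file check and a one-hash lookup from a threat feed, and it flags the case where an MD5 matches the report but the accompanying SHA1 does not, which usually means the feed entry was mislabelled.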