General
  Target: 789edea2f682ba7f2caf76a0a3ca8559c5204627fd4a829cc863f06017686ccf
  Size: 133KB
  Sample: 220924-swljjschaj
  MD5: 4afd6be2b3ec050cc0fd5b892bfec40c
  SHA1: 83b233a12837796633fc5dd72ab720cf00760dd0
  SHA256: a49e81bd962a6454c4c2d7436945712d3a9a62eccf372d743c54bcc7c4575462
  SHA512: e50769f4a7a29dfb3aac42ac8eac9651e93317c6e3d2f63961eddbbaa436c2291a22617ab9b9cb4fa372346e06538dfbea88d2941d2ef414dd3d8929af98a76e
  SSDEEP: 3072:IaZ1rP4Y3D9npa0AktMw3GP929JHVRY9mu/8KF1TvFaCWC+KWp:v15zNUVkGwq98JiJ/h7FnWF

Static task: static1

Behavioral task: behavioral1
  Sample: 789edea2f682ba7f2caf76a0a3ca8559c5204627fd4a829cc863f06017686ccf.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 789edea2f682ba7f2caf76a0a3ca8559c5204627fd4a829cc863f06017686ccf.exe
  Resource: win10v2004-20220812-en

Malware Config
  Extracted: tofsee
    svartalfheim.top
    jotunheim.name
  Extracted: redline
    LogsDiller Cloud (TG: @me_golds)
    77.73.134.27:7161
    auth_value: e136da06c7c0400f4091dab1787720ea
  Extracted: vidar
    54.6
    1684
    https://t.me/huobiinside
    https://mas.to/@kyriazhs1975
    profile_id: 1684

Targets
  Target: 789edea2f682ba7f2caf76a0a3ca8559c5204627fd4a829cc863f06017686ccf
  Size: 197KB
  MD5: 4f208f825d6c1b7a9972c36e7847b3cb
  SHA1: 2ddb59ff34f37b78de4311f76eb8ad350f96623c
  SHA256: 789edea2f682ba7f2caf76a0a3ca8559c5204627fd4a829cc863f06017686ccf
  SHA512: 1a0890b84332eef52ae3fdf8e6af08e229ea318b555249a87fbe871aa60c2fa4e57db469832c6e2aa7326cc0694c291ebb59840f915cb9467a58ab6daba98736
  SSDEEP: 3072:JFD1Ls2T54wR85zK3HJ4QXYMTMnzgABniubt/Pka4x:tLn+wH3HpInzl

  - Detects Smokeloader packer
  - RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - XMRig Miner payload
  - Creates new service(s)
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Sets service image path in registry
  - Checks computer location settings
    Looks up country code configured in the registry, likely geofence.
  - Loads dropped DLL
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext