General
Target: 6ca3bf02fec859255bfc95c1ecec1b227f1957cac0bad6e7b3f8e625df36a5df
Size: 196KB
Sample: 220924-z63ddaddbm
MD5: be99057b654afcd93058886399c49028
SHA1: 6d55ea7c5258fea8057e1984f6b5565d99feba06
SHA256: 6ca3bf02fec859255bfc95c1ecec1b227f1957cac0bad6e7b3f8e625df36a5df
SHA512: 10d5444e34f9dfe5bea07b12d9ba19aa84bc3f6fe301f235c1b754ae8e9f1563f796a1a9a94ce6ad42611aea56445857fbd9512372ccb43ba2b0c9da475c966c
SSDEEP: 3072:6AXCcFLtOH0BbN5i0qkK4vJ6ezKeIoXww6O3Jq2BER9lib/PkkXx:ZFLw0BdqwvJ6gK5oXFV3JYU
Static task: static1
Behavioral task: behavioral1
Sample: 6ca3bf02fec859255bfc95c1ecec1b227f1957cac0bad6e7b3f8e625df36a5df.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: tofsee
svartalfheim.top
jotunheim.name
Extracted: redline
LogsDiller Cloud (TG: @me_golds)
77.73.134.27:7161
auth_value: e136da06c7c0400f4091dab1787720ea
Targets
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext