General
Target: 0413cd47fc3feec56b1de4491071ad14f2025487143821a34694867e31520494
Size: 200KB
Sample: 220925-gdv5gsegbr
MD5: 42bc7169cb277afe6629e5802a97d285
SHA1: 85b6d767deeb0b6426381b740ca739d85d1bad77
SHA256: 0413cd47fc3feec56b1de4491071ad14f2025487143821a34694867e31520494
SHA512: 9dd773823b2ca2a791095366f6e7c433bd3433cfd18b27d2544a85366d25ea964e636b89e86f844fb9585edb9509af980124ab71d6fc9ba1cf023344431ade56
SSDEEP: 3072:DZtavYRl5L+louhdD+qojkN5b61Ys10Atl4Ii22VSb9Btb0/PkIXx:FLidz3+l4IifVSbt
Static task: static1
Behavioral task: behavioral1
Sample: 0413cd47fc3feec56b1de4491071ad14f2025487143821a34694867e31520494.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @me_golds)
C2: 77.73.134.27:7161
auth_value: e136da06c7c0400f4091dab1787720ea
Extracted: tofsee
C2: svartalfheim.top
C2: jotunheim.name
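The extracted configuration above gives three network indicators (the RedLine C2 socket 77.73.134.27:7161 and the Tofsee domains svartalfheim.top and jotunheim.name) plus the file hashes from the General section. The following script is an added example, not part of the sandbox report or of any tooling it mentions: it bundles those indicators, hashes arbitrary bytes for comparison against the sample, and scans log lines for connections or DNS lookups that touch the indicators. The log lines, the "conn"/"dns" line format and the confidence labels are constructed for illustration and are assumptions, not captured traffic from the sample.

```python
"""IOC bundle and matcher for the RedLine / Tofsee configuration in the report.

Added example, not code from the report. SAMPLE_LOGS and the line format are
constructed for illustration only.
"""
import hashlib
from dataclasses import dataclass

# Indicators copied verbatim from the report.
SAMPLE_HASHES = {
    "md5": "42bc7169cb277afe6629e5802a97d285",
    "sha1": "85b6d767deeb0b6426381b740ca739d85d1bad77",
    "sha256": "0413cd47fc3feec56b1de4491071ad14f2025487143821a34694867e31520494",
}
REDLINE_C2 = ("77.73.134.27", 7161)
TOFSEE_DOMAINS = ("svartalfheim.top", "jotunheim.name")

# Constructed log lines (assumption): "conn <src> <dst> <dport>" and "dns <src> <query>".
SAMPLE_LOGS = [
    "conn 10.0.0.15 77.73.134.27 7161",
    "conn 10.0.0.15 77.73.134.27 443",
    "dns 10.0.0.15 mail.svartalfheim.top",
    "dns 10.0.0.15 jotunheim.name",
    "dns 10.0.0.15 notsvartalfheim.top",
    "dns 10.0.0.15 example.com",
]


@dataclass
class Hit:
    family: str      # malware family the indicator belongs to
    indicator: str   # the indicator that matched
    confidence: str  # "high" for an exact match, "medium" for same host, other port
    line: str        # the log line that triggered the hit


def compute_hashes(data: bytes) -> dict:
    """Hash the given bytes with every algorithm the report lists a digest for."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hash_matches(data: bytes) -> set:
    """Return the set of algorithms whose digest of `data` equals the sample's."""
    computed = compute_hashes(data)
    return {alg for alg, digest in SAMPLE_HASHES.items() if computed[alg] == digest}


def domain_hit(name: str):
    """Return the Tofsee domain that `name` equals or is a subdomain of, else None.

    The '.' boundary check prevents 'notsvartalfheim.top' from matching
    'svartalfheim.top' by plain suffix.
    """
    host = name.lower().rstrip(".")
    for ioc in TOFSEE_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def scan_logs(lines):
    """Scan constructed conn/dns lines and return a Hit for every indicator match."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) == 4 and fields[0] == "conn":
            dst, port = fields[2], int(fields[3])
            if dst == REDLINE_C2[0]:
                # Same host on another port is still the same infrastructure,
                # but the config only names port 7161, so rank it lower.
                confidence = "high" if port == REDLINE_C2[1] else "medium"
                hits.append(Hit("redline", f"{dst}:{port}", confidence, line))
        elif len(fields) == 3 and fields[0] == "dns":
            ioc = domain_hit(fields[2])
            if ioc is not None:
                hits.append(Hit("tofsee", ioc, "high", line))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"{hit.confidence:6} {hit.family:8} {hit.indicator:22} <- {hit.line}")
    print("hash algorithms matching b'abc':", hash_matches(b"abc") or "none")
```

Matching the C2 address on any port is deliberate: stealer panels are often moved between ports on the same host, so an exact socket match is high confidence while a bare host match is worth a lower-confidence alert rather than silence.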
Targets
Target: 0413cd47fc3feec56b1de4491071ad14f2025487143821a34694867e31520494
Size: 200KB
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- XMRig Miner payload
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext (a common step in process hollowing and other thread-hijacking injection)