General
Target: f32f166914d3812ade5ed43b03c8b8e10f48b3dc3d6950309eaa0792cd31a4d3
Size: 170KB
Sample: 220926-a6ybzshhfl
MD5: 1dc37a639e0219c3309b8288d9ff63fa
SHA1: 8146e02a5df3499a5091b9e7934af2fc5e812d6a
SHA256: f32f166914d3812ade5ed43b03c8b8e10f48b3dc3d6950309eaa0792cd31a4d3
SHA512: 9e51e36ae942d83bde2b59a4e593f6643b06cfc7ef90bb371cbceb4141e9a69af4ad5e5b028161b555a11785b2822f31bb224615c0a639cb02a39afe588a3f21
SSDEEP: 3072:JZoPeiNcMAL8z5CoVLIih2eLtdeGoM8DfWBnaDWsF5x:wNmo9IifLWfU6Ws
Static task: static1
Malware Config
Extracted: danabot
  198.15.112.179:443
  185.62.56.245:443
  153.92.223.225:443
  192.119.70.159:443
  embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
  type: loader
Extracted: redline
  insmix
  jamesmillion2.xyz:9420
  auth_value: f388a05524f756108c9e4b0f4c4bafb6
Targets
Target: f32f166914d3812ade5ed43b03c8b8e10f48b3dc3d6950309eaa0792cd31a4d3
Size: 170KB
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.