General
-
Target
3ba84d2ab55a688aa11e96a1928b6e93aff1edcfc70ee2191c5bba731e5f3522
-
Size
170KB
-
Sample
220926-d7xnmaadgq
-
MD5
d269585b3cb183070936730eeedeb198
-
SHA1
87a84ffc2202d9eb2bf06d9a351255477177cd73
-
SHA256
3ba84d2ab55a688aa11e96a1928b6e93aff1edcfc70ee2191c5bba731e5f3522
-
SHA512
8e304dbbe73367529248a45a39b4c3097d8d6d9b3769609b456c6d8aac21c8d814472e122ccba66fc3827192f359b5bd9b8ed2f24f56dc5ca4840bb75cf95d63
-
SSDEEP
3072:o2C7YNGmoir35Hshv5Rogat9nVCBYUXH2YlqL5x:dAssxogapY1
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:7161
-
auth_value
4b2de03af6b6ac513ac597c2e6c1ad51
Targets
-
-
Target
3ba84d2ab55a688aa11e96a1928b6e93aff1edcfc70ee2191c5bba731e5f3522
-
Size
170KB
-
MD5
d269585b3cb183070936730eeedeb198
-
SHA1
87a84ffc2202d9eb2bf06d9a351255477177cd73
-
SHA256
3ba84d2ab55a688aa11e96a1928b6e93aff1edcfc70ee2191c5bba731e5f3522
-
SHA512
8e304dbbe73367529248a45a39b4c3097d8d6d9b3769609b456c6d8aac21c8d814472e122ccba66fc3827192f359b5bd9b8ed2f24f56dc5ca4840bb75cf95d63
-
SSDEEP
3072:o2C7YNGmoir35Hshv5Rogat9nVCBYUXH2YlqL5x:dAssxogapY1
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-