General
- Target: 742b1591616fd98caa4689cfe052b8e73b305e3d4b9184bd9d98b31fa3c79aa5
- Size: 154KB
- Sample: 220926-fnbcdsaffj
- MD5: c2f8e587f8afa8130edb79fc05a82977
- SHA1: 22d951863825fe82ab26467cb9d252e3e6cf76c1
- SHA256: 742b1591616fd98caa4689cfe052b8e73b305e3d4b9184bd9d98b31fa3c79aa5
- SHA512: cad94bf8fd311768adb3b27e838a5b24a1c468725f439b7008eb43d99099f8cee310b9f7e4de1cef51875b40d15560edb8c681c7957c5e9e08d2d140ea03ab56
- SSDEEP: 3072:4aCGG5fvQYLSHfQZKkCgd4zQBvFKSpK5x:mXV7NOz4/
Static task: static1
Behavioral task: behavioral1
- Sample: 742b1591616fd98caa4689cfe052b8e73b305e3d4b9184bd9d98b31fa3c79aa5.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @mr_golds)
- 77.73.134.27:7161
- auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Targets
- Target: 742b1591616fd98caa4689cfe052b8e73b305e3d4b9184bd9d98b31fa3c79aa5
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext