General
Target: 0d4755822c399c1724aba59ff9cd587b80cd7b324cb6709a9d997a5569a7b7cb
Size: 154KB
Sample: 220926-fpq48saffq
MD5: 360cf16df323e0288bd9b245735ebf41
SHA1: 8e3ace582f4c30b451ed145976d592dfe9f45ed5
SHA256: 0d4755822c399c1724aba59ff9cd587b80cd7b324cb6709a9d997a5569a7b7cb
SHA512: 8b9a4752d70f2ec33503a5347f7c44ce3f5efea9a9936f1df4858d0e54ff0179ce20cb23737fb343375cfbc3abf967f5161e29c0244586750c8a4e5d01ecc769
SSDEEP: 3072:xU9lGG5pTQwk2gwrIO4PkrpQdhs/lDdlVvgCB/eAeRwm5x:OnUO7rIOS4yhsdDBt/eR
Static task: static1
Malware Config
Extracted: danabot
C2: 198.15.112.179:443
C2: 185.62.56.245:443
C2: 153.92.223.225:443
C2: 192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Extracted: redline
Botnet: insmix
C2: jamesmillion2.xyz:9420
auth_value: f388a05524f756108c9e4b0f4c4bafb6
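The extracted configs above give two C2 sets to hunt for: four IP:port pairs for the DanaBot loader and one domain:port pair for RedLine. The script below is an added example, not part of the sandbox report, that turns those endpoints into a lookup table and sweeps network log lines for contact with them. The log lines and their field layout (timestamp, source IP, destination host, destination port, action) are constructed assumptions; adapt the regex to the real proxy or firewall export. It distinguishes exact host+port matches from host-only matches, because a known C2 host reached on a different port still warrants triage.

```python
"""Match the C2 endpoints from the extracted danabot/redline configs
against network log lines.

Added example; the log lines below are constructed for illustration and
the log format (timestamp src dst port action) is an assumption."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# C2 endpoints exactly as listed in the extracted configs on this page.
EXTRACTED_C2: Dict[str, List[str]] = {
    "danabot": [
        "198.15.112.179:443", "185.62.56.245:443",
        "153.92.223.225:443", "192.119.70.159:443",
    ],
    "redline": ["jamesmillion2.xyz:9420"],
}

# Constructed log lines (not from the sandbox run); field layout is assumed.
LOG_LINES = [
    "2022-09-26T08:14:02Z 10.0.0.5 198.15.112.179 443 ALLOW",
    "2022-09-26T08:14:09Z 10.0.0.5 93.184.216.34 443 ALLOW",
    "2022-09-26T08:15:31Z 10.0.0.7 jamesmillion2.xyz 9420 ALLOW",
    "2022-09-26T08:16:00Z 10.0.0.7 JAMESMILLION2.XYZ. 80 DENY",
    "2022-09-26T08:16:44Z 10.0.0.9 185.62.56.245 8080 ALLOW",
    "garbage line that should be skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d{1,5})\s+(?P<action>\S+)$"
)


def normalize_host(host: str) -> str:
    """Lower-case and strip a trailing dot so FQDN/IP spellings compare equal."""
    return host.strip().rstrip(".").lower()


def parse_endpoint(endpoint: str) -> Tuple[str, int, str]:
    """Split 'host:port' into (host, port, kind); kind is 'ip' or 'domain'."""
    host, sep, port = endpoint.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed endpoint: {endpoint!r}")
    host = normalize_host(host)
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return host, int(port), kind


def build_iocs(config: Dict[str, List[str]]) -> Dict[str, Tuple[str, Set[int]]]:
    """Index C2 host -> (family, {ports}) for a single dict lookup per log line.
    If two families ever shared a host, the first family listed would win."""
    iocs: Dict[str, Tuple[str, Set[int]]] = {}
    for family, endpoints in config.items():
        for ep in endpoints:
            host, port, _kind = parse_endpoint(ep)
            _fam, ports = iocs.setdefault(host, (family, set()))
            ports.add(port)
    return iocs


def match_logs(lines, iocs):
    """Return hits as (ts, src, dst, port, family, confidence).

    'exact'     = host and port both match the extracted config.
    'host-only' = known C2 host contacted on a port not in the config;
                  still worth triage (operators rotate ports, and even a
                  DENY to the C2 domain shows the implant is running)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip it rather than abort the sweep
        dst = normalize_host(m["dst"])
        port = int(m["port"])
        entry = iocs.get(dst)
        if entry is None:
            continue
        family, ports = entry
        confidence = "exact" if port in ports else "host-only"
        hits.append((m["ts"], m["src"], dst, port, family, confidence))
    return hits


if __name__ == "__main__":
    for hit in match_logs(LOG_LINES, build_iocs(EXTRACTED_C2)):
        print(*hit)
```

Host-only hits are deliberately reported rather than dropped: the port in a config dump is only what the operator used at the time of the sample, while the host is the stronger indicator. The domain match also normalizes case and a trailing dot, which DNS and proxy exports frequently add.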
Targets
Target: 0d4755822c399c1724aba59ff9cd587b80cd7b324cb6709a9d997a5569a7b7cb
Size: 154KB
MD5: 360cf16df323e0288bd9b245735ebf41
SHA1: 8e3ace582f4c30b451ed145976d592dfe9f45ed5
SHA256: 0d4755822c399c1724aba59ff9cd587b80cd7b324cb6709a9d997a5569a7b7cb
SHA512: 8b9a4752d70f2ec33503a5347f7c44ce3f5efea9a9936f1df4858d0e54ff0179ce20cb23737fb343375cfbc3abf967f5161e29c0244586750c8a4e5d01ecc769
SSDEEP: 3072:xU9lGG5pTQwk2gwrIO4PkrpQdhs/lDdlVvgCB/eAeRwm5x:OnUO7rIOS4yhsdDBt/eR
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.