General
-
Target
1ef6dd2a098a971e9b7702ad7aad70888eb04bf656c7e1ed8bdb766600fc400e
-
Size
153KB
-
Sample
220926-kllskabcen
-
MD5
8ed0b55bb5d5b4208f636a2d95e8930d
-
SHA1
520f2357c2b267795db6d7846df8631aa65d9a05
-
SHA256
1ef6dd2a098a971e9b7702ad7aad70888eb04bf656c7e1ed8bdb766600fc400e
-
SHA512
d36b8c87ee861ae86c52ef2c0b3c9d6f04603812df8e6bfa994d1afadb79f95818706dc54f2fd5fb4410b98b8bd21a68299bc8d945326a2bd45c9c889651d9e8
-
SSDEEP
3072:NKZKIuG5xCg3o8Bbma2hPocASOqJBMB0g4G5x:BgL22Slw6g
Static task
static1
Behavioral task
behavioral1
Sample
1ef6dd2a098a971e9b7702ad7aad70888eb04bf656c7e1ed8bdb766600fc400e.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:7161
-
auth_value
4b2de03af6b6ac513ac597c2e6c1ad51
Targets
-
-
Target
1ef6dd2a098a971e9b7702ad7aad70888eb04bf656c7e1ed8bdb766600fc400e
-
Size
153KB
-
MD5
8ed0b55bb5d5b4208f636a2d95e8930d
-
SHA1
520f2357c2b267795db6d7846df8631aa65d9a05
-
SHA256
1ef6dd2a098a971e9b7702ad7aad70888eb04bf656c7e1ed8bdb766600fc400e
-
SHA512
d36b8c87ee861ae86c52ef2c0b3c9d6f04603812df8e6bfa994d1afadb79f95818706dc54f2fd5fb4410b98b8bd21a68299bc8d945326a2bd45c9c889651d9e8
-
SSDEEP
3072:NKZKIuG5xCg3o8Bbma2hPocASOqJBMB0g4G5x:BgL22Slw6g
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-