General

Target: c47a6d3e018fdbc0f63c224735e6ed5746bc6a70c26f7c60e9ccdcd030ac38e6
Size: 152KB
Sample: 220926-masg3sbehr
MD5: 98ec29af64a184234c8b03f6d1a15966
SHA1: b50d3fb32e4f8482795a935f231293fd98986701
SHA256: c47a6d3e018fdbc0f63c224735e6ed5746bc6a70c26f7c60e9ccdcd030ac38e6
SHA512: fc6460295348b412d381e947bbabb6ad6ba6f967f5660cd9a75d52ca5ffd24e54918f82629607e7ace6bab0311c627e0380eaff495b06d9236d5f31b639adf3f
SSDEEP: 3072:DCWZgGz5eoir8zOBB1+GC2bz9K7ez2653Bkj2kY5B:96loZTGC2/99q65Sj
Static task: static1
Behavioral task: behavioral1
Sample: c47a6d3e018fdbc0f63c224735e6ed5746bc6a70c26f7c60e9ccdcd030ac38e6.exe
Resource: win10-20220812-en
Malware Config

Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @mr_golds)
C2: 77.73.134.27:7161
auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51

Extracted
Family: redline
Botnet: inslab26
C2: 185.182.194.25:8251
auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
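The two extracted C2 endpoints and the sample hashes are the indicators a responder would take from this report. The script below is an added example, not part of the sandbox output: it loads those values and scans a handful of constructed log lines (the firewall, EDR and proxy line formats are hypothetical) for the C2 host:port pairs and for the file hashes. The auth_value fields are carried along only for correlating this sample with other RedLine configs; they do not appear in ordinary network logs.

```python
"""Match the RedLine IOCs extracted in the report against log lines."""
import re
from typing import Iterable

# C2 endpoints as extracted by the sandbox for this sample (values copied from the report).
REDLINE_C2 = {
    ("77.73.134.27", 7161): {"botnet": "LogsDiller Cloud (TG: @mr_golds)",
                             "auth_value": "4b2de03af6b6ac513ac597c2e6c1ad51"},
    ("185.182.194.25", 8251): {"botnet": "inslab26",
                               "auth_value": "7c9cbd0e489a3c7fd31006406cb96f5b"},
}

# File hashes of the sample (from the report), stored lower-case for comparison.
SAMPLE_HASHES = {
    "98ec29af64a184234c8b03f6d1a15966",                                   # MD5
    "b50d3fb32e4f8482795a935f231293fd98986701",                           # SHA1
    "c47a6d3e018fdbc0f63c224735e6ed5746bc6a70c26f7c60e9ccdcd030ac38e6",   # SHA256
}

# Destination ip:port written either as "1.2.3.4:7161" or as "dst=1.2.3.4 dport=7161".
_IP_PORT = re.compile(r"(?P<ip>\b(?:\d{1,3}\.){3}\d{1,3}\b)(?::|\s+dport=)(?P<port>\d{1,5})")
# 32, 40 or 64 hex characters as a whole token (MD5 / SHA1 / SHA256).
_HEX = re.compile(r"\b[0-9a-f]{32}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{64}\b")


def scan_line(line: str) -> list[dict]:
    """Return IOC hits for one log line: C2 host:port pairs and known sample hashes."""
    hits = []
    for m in _IP_PORT.finditer(line):
        key = (m.group("ip"), int(m.group("port")))
        if key in REDLINE_C2:
            hits.append({"type": "c2", "ip": key[0], "port": key[1],
                         "botnet": REDLINE_C2[key]["botnet"]})
    for m in _HEX.finditer(line.lower()):
        if m.group(0) in SAMPLE_HASHES:
            hits.append({"type": "hash", "value": m.group(0)})
    return hits


def scan(lines: Iterable[str]) -> list[tuple[int, dict]]:
    """Scan a sequence of log lines; return (line number, hit) pairs."""
    out = []
    for n, line in enumerate(lines, 1):
        for hit in scan_line(line):
            out.append((n, hit))
    return out


# Constructed sample log lines (hypothetical formats, not from the sandbox run).
SAMPLE_LOGS = [
    "2022-09-26T10:01:02Z fw allow src=10.0.0.5 dst=77.73.134.27 dport=7161 proto=tcp",
    "2022-09-26T10:01:05Z fw allow src=10.0.0.5 dst=77.73.134.27 dport=443 proto=tcp",
    "2022-09-26T10:02:11Z edr file_create path=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe "
    "sha256=C47A6D3E018FDBC0F63C224735E6ED5746BC6A70C26F7C60E9CCDCD030AC38E6",
    "2022-09-26T10:03:40Z proxy CONNECT 185.182.194.25:8251 status=200",
    "2022-09-26T10:04:00Z proxy CONNECT 185.182.194.25:443 status=200",
]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOGS):
        print(n, hit)
```

The match is deliberately on the host and port pair rather than the IP alone: the report flags legitimate hosting abused for C2, so the same IP may also serve unrelated traffic (lines 2 and 5 in the constructed logs stay silent for that reason).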
Targets

Target: c47a6d3e018fdbc0f63c224735e6ed5746bc6a70c26f7c60e9ccdcd030ac38e6
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext (a typical step in process hollowing, where a suspended process's thread is redirected into injected code)