General
-
Target
7b49ab5367f4c7646b044909a4a0ec5b7f068703041cd9f2119820870662d905
-
Size
153KB
-
Sample
220926-pm75eabhgm
-
MD5
e2246e26385f30ea79ad407d2557e4e4
-
SHA1
e37d0c295dc84b6586c31248ed97ba8e1be43d1c
-
SHA256
7b49ab5367f4c7646b044909a4a0ec5b7f068703041cd9f2119820870662d905
-
SHA512
6f354eed0a1ac885e1bb722b57bbf63f5686f56a3f2ede5915d68bbf3041cec0449f264bccff1724668028dd763ccc66455b9040dbe3914d23fbebe398833912
-
SSDEEP
3072:o2Fmz5kQ4bhXYT7MBvGqilSVBnJ0jH5B:S4bhXYsBvGqnPy
Static task
static1
Behavioral task
behavioral1
Sample
7b49ab5367f4c7646b044909a4a0ec5b7f068703041cd9f2119820870662d905.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:7161
-
auth_value
4b2de03af6b6ac513ac597c2e6c1ad51
Targets
-
-
Target
7b49ab5367f4c7646b044909a4a0ec5b7f068703041cd9f2119820870662d905
-
Size
153KB
-
MD5
e2246e26385f30ea79ad407d2557e4e4
-
SHA1
e37d0c295dc84b6586c31248ed97ba8e1be43d1c
-
SHA256
7b49ab5367f4c7646b044909a4a0ec5b7f068703041cd9f2119820870662d905
-
SHA512
6f354eed0a1ac885e1bb722b57bbf63f5686f56a3f2ede5915d68bbf3041cec0449f264bccff1724668028dd763ccc66455b9040dbe3914d23fbebe398833912
-
SSDEEP
3072:o2Fmz5kQ4bhXYT7MBvGqilSVBnJ0jH5B:S4bhXYsBvGqnPy
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-