General
Target: ca6055c7536412989c9f08e41586b0e9.exe
Size: 129KB
Sample: 220926-v7prfsbeb6
MD5: ca6055c7536412989c9f08e41586b0e9
SHA1: 2bfa09b4126abffdbbc1648eb624f523e8069839
SHA256: 6336b9fbb76277167facddac816655d079a8604f7273b2bb8dad169d1723c793
SHA512: 9f0d1be90806dcb365e09a71e9f4754940b16de339ddf3438366534b677df5687152474faeeffe686823ee772ed8a9fa134638d21cf88951ceb75383767699b8
SSDEEP: 1536:X/SmjYuHqP45Tc5/KjCKwtylzDYEuCN7QhDSKzyXWiZfOEQVr/R19Ow5B:X6mjfTc5KCK4ykz1zymi0EUr/R195B
Static task: static1
Behavioral task: behavioral1
  Sample: ca6055c7536412989c9f08e41586b0e9.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ca6055c7536412989c9f08e41586b0e9.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
  LogsDiller Cloud (TG: @mr_golds)
  77.73.134.27:7161
  auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Extracted: redline
  installskript
  185.224.133.182:16382
  auth_value: f7f5626eb8e9e541c2d17255f9d8f755
Targets
Target: ca6055c7536412989c9f08e41586b0e9.exe
Size: 129KB
MD5: ca6055c7536412989c9f08e41586b0e9
SHA1: 2bfa09b4126abffdbbc1648eb624f523e8069839
SHA256: 6336b9fbb76277167facddac816655d079a8604f7273b2bb8dad169d1723c793
SHA512: 9f0d1be90806dcb365e09a71e9f4754940b16de339ddf3438366534b677df5687152474faeeffe686823ee772ed8a9fa134638d21cf88951ceb75383767699b8
SSDEEP: 1536:X/SmjYuHqP45Tc5/KjCKwtylzDYEuCN7QhDSKzyXWiZfOEQVr/R19Ow5B:X6mjfTc5KCK4ykz1zymi0EUr/R195B
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext