General
Target: 848c4428ff884b8ba0b141fccf45316b.exe
Size: 153KB
Sample: 220926-vjj63acefr
MD5: 848c4428ff884b8ba0b141fccf45316b
SHA1: 82093c862a4e80217f6e86404685b4dc21c50960
SHA256: 707a04a12631b78cc0b83d4218a3c2caab5a031a0352fb85c2b5c761c937b0be
SHA512: ea2b27ab853ad1c792151e630a25deca2c585dbbde54a525c583f10bad81c70c97967022df29169abbdcc9d1ddccf34ac5a5558203da5e1e4d0e9d85779af8a0
SSDEEP: 3072:JvvK2BTc5XUg22bw7m+t84VIME6BJ81J5B:lgy+w7/JVIdO
Static task: static1
Behavioral task: behavioral1
  Sample: 848c4428ff884b8ba0b141fccf45316b.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 848c4428ff884b8ba0b141fccf45316b.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
  Botnet: LogsDiller Cloud (TG: @mr_golds)
  C2: 77.73.134.27:7161
  auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Extracted: redline
  Botnet: installskript
  C2: 185.224.133.182:16382
  auth_value: f7f5626eb8e9e541c2d17255f9d8f755
Two distinct RedLine configurations were recovered from this run. The auth_value is the token a RedLine build presents to its panel, so the same value recurring in other samples ties them to the same operator build; the C2 IP:port pairs are the network indicators to block and hunt for.
Targets
Target: 848c4428ff884b8ba0b141fccf45316b.exe
Size: 153KB
MD5: 848c4428ff884b8ba0b141fccf45316b
SHA1: 82093c862a4e80217f6e86404685b4dc21c50960
SHA256: 707a04a12631b78cc0b83d4218a3c2caab5a031a0352fb85c2b5c761c937b0be
SHA512: ea2b27ab853ad1c792151e630a25deca2c585dbbde54a525c583f10bad81c70c97967022df29169abbdcc9d1ddccf34ac5a5558203da5e1e4d0e9d85779af8a0
SSDEEP: 3072:JvvK2BTc5XUg22bw7m+t84VIME6BJ81J5B:lgy+w7/JVIdO
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and the WOW6432Node mirror on 64-bit systems) to enumerate software on the system. Installers and inventory agents read the same keys, so on its own this is a weak signal.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: rewriting another thread's context is the step by which process hollowing and related injection techniques redirect execution into a payload written into a suspended process.
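The following Python script is an added example and is not part of the sandbox report or of any tool it names. It takes the two C2 endpoints from the extracted RedLine configurations above and the Uninstall-key enumeration described in the signatures, and runs both checks over constructed Sysmon-style events (simplified key=value lines, not a real capture). The event format, the installer allowlist and the two-subkey threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# C2 endpoints taken from the report's two extracted RedLine configs: (ip, port) -> botnet label
REDLINE_C2 = {
    ("77.73.134.27", 7161): "LogsDiller Cloud (TG: @mr_golds)",
    ("185.224.133.182", 16382): "installskript",
}

# Registry path behind the "Checks installed software" signature; WOW6432Node covers 32-bit entries on x64
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)$",
    re.IGNORECASE,
)

# Processes that legitimately walk the Uninstall hive (assumption for this example; tune per environment)
INSTALLER_ALLOWLIST = frozenset({r"c:\windows\system32\msiexec.exe"})

# Constructed sample events (not a real capture) in a simplified Sysmon-like form:
# id=12 registry key access, id=3 network connection
SAMPLE_EVENTS = r"""
id=12|image=C:\Users\user\AppData\Local\Temp\848c4428ff884b8ba0b141fccf45316b.exe|target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
id=12|image=C:\Users\user\AppData\Local\Temp\848c4428ff884b8ba0b141fccf45316b.exe|target=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
id=12|image=C:\Users\user\AppData\Local\Temp\848c4428ff884b8ba0b141fccf45316b.exe|target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 104.0 (x64 en-US)
id=3|image=C:\Users\user\AppData\Local\Temp\848c4428ff884b8ba0b141fccf45316b.exe|dst=77.73.134.27|dport=7161
id=3|image=C:\Program Files\Mozilla Firefox\firefox.exe|dst=203.0.113.10|dport=443
id=12|image=C:\Windows\System32\msiexec.exe|target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-2201-000001000000}
id=12|image=C:\Windows\System32\msiexec.exe|target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-1000-0000000FF1CE}
"""


def parse_events(text):
    """Parse pipe-separated key=value lines into dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            events.append(dict(field.split("=", 1) for field in line.split("|")))
    return events


def c2_matches(events):
    """Return (image, ip, port, botnet) for every connection to a known RedLine C2 endpoint."""
    hits = []
    for ev in events:
        if ev.get("id") != "3":
            continue
        key = (ev["dst"], int(ev["dport"]))
        if key in REDLINE_C2:
            hits.append((ev["image"], key[0], key[1], REDLINE_C2[key]))
    return hits


def uninstall_enumerators(events, min_subkeys=2, allowlist=INSTALLER_ALLOWLIST):
    """Images that read at least min_subkeys distinct Uninstall subkeys, minus allowlisted installers.

    Returns {image: sorted lowercase subkey names}.
    """
    seen = defaultdict(set)
    for ev in events:
        if ev.get("id") != "12":
            continue
        match = UNINSTALL_KEY_RE.search(ev["target"])
        if match:
            seen[ev["image"]].add(match.group(1).lower())
    return {
        image: sorted(subkeys)
        for image, subkeys in seen.items()
        if len(subkeys) >= min_subkeys and image.lower() not in allowlist
    }


def triage(events):
    """Combine both signals per image.

    Software enumeration alone is low confidence (installers and inventory tools do it too);
    a RedLine C2 connection is high confidence on its own and higher still when the same
    image also enumerated installed software, which is the stealer collecting host profile data.
    """
    verdicts = {}
    enum = uninstall_enumerators(events)
    c2 = {image: botnet for image, _ip, _port, botnet in c2_matches(events)}
    for image in set(enum) | set(c2):
        if image in enum and image in c2:
            verdicts[image] = f"high: software enumeration + RedLine C2 ({c2[image]})"
        elif image in c2:
            verdicts[image] = f"high: RedLine C2 ({c2[image]})"
        else:
            verdicts[image] = "low: software enumeration only"
    return verdicts


if __name__ == "__main__":
    for image, verdict in triage(parse_events(SAMPLE_EVENTS)).items():
        print(f"{verdict}\n  {image}")
```

Run as-is to see the verdicts for the constructed events: the dropped executable is flagged on both signals, firefox.exe is ignored because its destination is not a known C2, and msiexec.exe is suppressed by the allowlist even though it touched two Uninstall subkeys. In a real deployment the C2 table would be fed from extracted configs like the two above, and the registry rule would be kept as a corroborating signal rather than an alert on its own.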