General
Target: 0f8b56af0b1be1247a5bf989a92eca657855d96e4b3b9eac1a109cbe8bfbd40a
Size: 130KB
Sample: 220926-w2tznacgdk
MD5: 2ae08b2b339f8593d743991cce0c747c
SHA1: d99acc1fc5702475f27c729be631fb0c4d2f1625
SHA256: 0f8b56af0b1be1247a5bf989a92eca657855d96e4b3b9eac1a109cbe8bfbd40a
SHA512: bc6c43377168db0d06a682e4f99187bd06f16b1da058e37090ae902ed8dd87fa68578fa17cf3cf9b223b91c5c648e8b3e492030f026a6253aa28efaaf16633f2
SSDEEP: 3072:YKiT13Tc5d/Lb4dc+oytXrlvfYa1f+Mxn5B:E1E/vD+Z2aJ+Mx
Static task: static1
Behavioral task: behavioral1
Sample: 0f8b56af0b1be1247a5bf989a92eca657855d96e4b3b9eac1a109cbe8bfbd40a.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:7161
auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Extracted: redline
install1part
185.224.133.182:16382
auth_value: 01759eb8d6120155c19b779c527fb1e2
Targets
Target: 0f8b56af0b1be1247a5bf989a92eca657855d96e4b3b9eac1a109cbe8bfbd40a
Size: 130KB
MD5: 2ae08b2b339f8593d743991cce0c747c
SHA1: d99acc1fc5702475f27c729be631fb0c4d2f1625
SHA256: 0f8b56af0b1be1247a5bf989a92eca657855d96e4b3b9eac1a109cbe8bfbd40a
SHA512: bc6c43377168db0d06a682e4f99187bd06f16b1da058e37090ae902ed8dd87fa68578fa17cf3cf9b223b91c5c648e8b3e492030f026a6253aa28efaaf16633f2
SSDEEP: 3072:YKiT13Tc5d/Lb4dc+oytXrlvfYa1f+Mxn5B:E1E/vD+Z2aJ+Mx
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext