General

Target: 56cd93b278ab2458de2f72c977bbcbea.exe
Size: 328KB
Sample: 220927-1ggk2sfgcr
MD5: 56cd93b278ab2458de2f72c977bbcbea
SHA1: 9c21edeb3d2552bedfaf1c9eb0e6fcf19f78d98b
SHA256: beb38b475d203dd46d3d1fa63ca34a83df6c45775b348279a5dc19ef1a861336
SHA512: 87e06b9787a17f032999621829c2152f753ed4654efd6662613414474f6e9ed9e6c464afc93c6a848a1541e2385bd5de04fef3a8f33f6df60d7f8ea632d16831
SSDEEP: 3072:EzXsv40EYmGO5zU1EfF5r0fnS/BOdZw7y2exSOX40KVOM/h3BsxkgaBChU/pZa9u:Er70eSE4fn3s7RewOX40iOnigabwVfs
Static task: static1

Behavioral task: behavioral1
Sample: 56cd93b278ab2458de2f72c977bbcbea.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 56cd93b278ab2458de2f72c977bbcbea.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: redline
Botnet: 11
C2: 51.89.201.21:7161
auth_value: e6aadafed1fda7723d7655a5894828d2

Extracted: redline
Botnet: 981705428_wsiv2wqu
C2: 179.43.175.170:38766
auth_value: ea424abde1f4c7328dd41ad4f28f74d4

Extracted: redline
Botnet: fud
C2: 45.15.156.7:48638
auth_value: da2faefdcf53c9d85fcbb82d0cbf4876
Targets

Target: 56cd93b278ab2458de2f72c977bbcbea.exe
Size: 328KB
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext