General
- Target: 8a4d3e8568be511098962b233b462b5c72ee71bac329376b5b0dbb6869d1f1e0
- Size: 318KB
- Sample: 220927-e6lqeacea5
- MD5: ad619176e51285d10f54d04b2b9b047c
- SHA1: 856c8954d99667233e79390a0bc2eda370b9b2ca
- SHA256: 8a4d3e8568be511098962b233b462b5c72ee71bac329376b5b0dbb6869d1f1e0
- SHA512: bc8502e562f4dd26feba6796754a4508f1af4ab1459411059d07962c1509a63985ee011c3977fab7ff03672dae42d03cef8c432e37b6b79787e282d1724f9dc3
- SSDEEP: 6144:b0MXv6aK2qDlrH0Wm1/1J0ymMvcnigabwVf:b0MSaK2G0WcMy5Ei
Static task: static1
Malware Config
Extracted: danabot
- 198.15.112.179:443
- 185.62.56.245:443
- 153.92.223.225:443
- 192.119.70.159:443
- embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
- type: loader
Extracted: redline
- insmix
- jamesmillion2.xyz:9420
- auth_value: f388a05524f756108c9e4b0f4c4bafb6
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.