General
-
Target
40cafffb20e76da2090434720a692d8d.exe
-
Size
129KB
-
Sample
220927-eshftscdg6
-
MD5
40cafffb20e76da2090434720a692d8d
-
SHA1
331a58ae824e22e444056fab9769f14db1eecc4c
-
SHA256
08415e962db965deaa4e02ecf2e198942100c56b5835e9298242da837b585b69
-
SHA512
ce479e46e4696461eaabbddcace3ad51581381762b04fd6bdce44285af5304de2382a1c2ed787d2c422204bcd4a978fc5e7eece1f8aeed78eaee0da314d45184
-
SSDEEP
3072:BW+pT85Nk3bm3e8DIok0xTwEE7W/LS6g+lQf5B:BBD6e8y0RHWMLg+
Static task
static1
Behavioral task
behavioral1
Sample
40cafffb20e76da2090434720a692d8d.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
40cafffb20e76da2090434720a692d8d.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
11
77.73.134.27:7161
-
auth_value
e6aadafed1fda7723d7655a5894828d2
Extracted
redline
install
212.8.244.233:43690
-
auth_value
cbce7277fef2185d93b8332df3940ad5
Targets
-
-
Target
40cafffb20e76da2090434720a692d8d.exe
-
Size
129KB
-
MD5
40cafffb20e76da2090434720a692d8d
-
SHA1
331a58ae824e22e444056fab9769f14db1eecc4c
-
SHA256
08415e962db965deaa4e02ecf2e198942100c56b5835e9298242da837b585b69
-
SHA512
ce479e46e4696461eaabbddcace3ad51581381762b04fd6bdce44285af5304de2382a1c2ed787d2c422204bcd4a978fc5e7eece1f8aeed78eaee0da314d45184
-
SSDEEP
3072:BW+pT85Nk3bm3e8DIok0xTwEE7W/LS6g+lQf5B:BBD6e8y0RHWMLg+
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-