General

Target: 35400015b594302820a04c20fe48f488.exe
Size: 318KB
Sample: 220927-ry5jrseger
MD5: 35400015b594302820a04c20fe48f488
SHA1: 7099e8b6ce25dcaf4f56b17f5ff908313a2a246e
SHA256: beff5a79e3ddd5ea4bd7949b4935d3f21fb10968d0317051ba298b024cde943f
SHA512: f60f35ab9a1d19cdf7caf5f991709a0003c4bd869ff05d7ec70bac986711f1ef7295539b75d954d7d014c4b5bb0462d4341930c9ed10fa37d75895f4c6455939
SSDEEP: 3072:a5TX1xkWhKsXncm25ELXJpNbDqmQdhjeXP0K5FGvwrDjVjM/h3BsxkgaBChU/pZq:a5LrfFcmN/qmQvCP0hsnigabwVf
Static task: static1

Behavioral task: behavioral1
Sample: 35400015b594302820a04c20fe48f488.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 35400015b594302820a04c20fe48f488.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted: redline
Botnet: 11
C2: 77.73.134.27:7161
auth_value: e6aadafed1fda7723d7655a5894828d2

Extracted: raccoon
Botnet: aeea23901ace2687ada0edd1d2615c7f
C2: http://77.73.134.31/
Targets

Target: 35400015b594302820a04c20fe48f488.exe (318KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures:
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\...\CurrentVersion\Uninstall, including the WOW6432Node view) to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger anti-debugging: the thread stops delivering debug events to an attached debugger)
- Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected or hollowed code before resuming it)
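As an added example that is not part of the sandbox report, the following Python script turns the report's indicators into a small IOC sweep: it checks file digests against the listed hashes, and it scans log lines for the RedLine C2 host:port, the Raccoon C2 URL, and reads of the Uninstall registry key noted under "Checks installed software". The log line formats, the sample lines and the helper names (parse_kv, classify, sweep, is_known_sample) are assumptions made for the example; only the hash and C2 values are taken from the report.

```python
"""IOC sweep built from the indicators in this report.

Added example, not part of the sandbox report. The log line formats, helper
names and sample lines below are constructed for illustration; only the hash
and C2 values come from the report.
"""
import hashlib
import re
from typing import Optional

# Indicators copied from the report.
FILE_HASHES = {
    "md5": "35400015b594302820a04c20fe48f488",
    "sha1": "7099e8b6ce25dcaf4f56b17f5ff908313a2a246e",
    "sha256": "beff5a79e3ddd5ea4bd7949b4935d3f21fb10968d0317051ba298b024cde943f",
}
REDLINE_C2 = ("77.73.134.27", 7161)      # redline C2 host:port
RACCOON_C2_URL = "http://77.73.134.31/"  # raccoon C2 URL
# Substring shared by the native and WOW6432Node Uninstall keys, which the
# "Checks installed software" signature refers to.
UNINSTALL_KEY = r"\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed log lines (not real telemetry): a firewall "dst=/dport=" form,
# a proxy "url=" form and a registry object-access form.
SAMPLE_LOGS = [
    "2022-09-27T14:01:02Z fw src=10.0.0.5 dst=77.73.134.27 dport=7161 proto=tcp action=allow",
    "2022-09-27T14:01:03Z fw src=10.0.0.5 dst=142.250.74.78 dport=443 proto=tcp action=allow",
    "2022-09-27T14:01:05Z proxy src=10.0.0.5 method=POST url=http://77.73.134.31/ status=200",
    "2022-09-27T14:01:06Z proxy src=10.0.0.5 method=GET url=http://77.73.134.31/update.exe status=200",
    "2022-09-27T14:01:07Z proxy src=10.0.0.5 method=GET url=https://example.org/ status=200",
    r"2022-09-27T14:01:08Z reg pid=4321 op=query key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
    r"2022-09-27T14:01:09Z reg pid=4321 op=query key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line: str) -> dict:
    """Split a constructed log line into key=value fields plus 'ts' and 'source'."""
    fields = dict(KV_RE.findall(line))
    parts = line.split(maxsplit=2)
    fields["ts"], fields["source"] = parts[0], parts[1]
    return fields


def classify(fields: dict) -> Optional[str]:
    """Return the name of the report indicator a parsed line matches, or None."""
    if fields.get("dst") == REDLINE_C2[0] and fields.get("dport") == str(REDLINE_C2[1]):
        return "redline_c2"
    # Prefix match so both the bare C2 root and any payload path under it are caught.
    if fields.get("url", "").startswith(RACCOON_C2_URL):
        return "raccoon_c2"
    # Case-insensitive: registry paths are not case sensitive on Windows.
    if UNINSTALL_KEY.lower() in fields.get("key", "").lower():
        return "uninstall_key_enum"
    return None


def sweep(lines) -> list:
    """Return (indicator, line) pairs for every line that matches a report IOC."""
    hits = []
    for line in lines:
        name = classify(parse_kv(line))
        if name:
            hits.append((name, line))
    return hits


def digests(data: bytes) -> dict:
    """Compute the same digest set the report lists for the sample."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in FILE_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of the data equals the report's file hashes."""
    d = digests(data)
    return any(d[algo] == expected for algo, expected in FILE_HASHES.items())


if __name__ == "__main__":
    for name, line in sweep(SAMPLE_LOGS):
        print(f"[{name}] {line}")
    # A constructed byte string will not match; a real copy of the sample would.
    print("known sample:", is_known_sample(b"MZ\x90\x00 constructed placeholder, not the real binary"))
```

The registry check is deliberately a substring match rather than an exact key, because the same Uninstall tree is read through HKLM\SOFTWARE and HKLM\SOFTWARE\WOW6432Node, and a stealer enumerating it generates one read per subkey; the proxy check is a prefix match so a fetch of a payload path from the Raccoon host is flagged as well as the bare root URL from the config.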