General
Target: 793a37236bc7d8e9c1ddd76a44100d71e7716fdb6c314f1a6f1d1c1ad2124168
Size: 318KB
Sample: 220927-sv18lsdgc5
MD5: d5ed544f19e3fa10465cb33831d656d2
SHA1: 82dc3e8c587b09d8e998ae684ba7707f225970e1
SHA256: 793a37236bc7d8e9c1ddd76a44100d71e7716fdb6c314f1a6f1d1c1ad2124168
SHA512: 83193f350215452809f32995ba7adf650f0dfc71b1ad20330f30867da005b9a7418cdd8c80f8ad15c75583c2d2df854f82a836326086da4c7353537c06c4c98c
SSDEEP: 3072:OXeX1vHchr1smj25j4y8iw4GEcmOAQoc6W/43v0KxriM/h3BsxkgaBChU/pZa9uk:OXmJoOm1yzcmOAQ9/43v06inigabwVf
Static task: static1
Behavioral task: behavioral1
Sample: 793a37236bc7d8e9c1ddd76a44100d71e7716fdb6c314f1a6f1d1c1ad2124168.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
  inslab26
  185.182.194.25:8251
  auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
Extracted: raccoon
  aeea23901ace2687ada0edd1d2615c7f
  http://77.73.134.31/
Targets
Target: 793a37236bc7d8e9c1ddd76a44100d71e7716fdb6c314f1a6f1d1c1ad2124168
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger