General

Target:  a0bb368e7ad22e2804aaec0cef919512.exe
Size:    328KB
Sample:  220927-ynnxlafdhn
MD5:     a0bb368e7ad22e2804aaec0cef919512
SHA1:    5a2b896d604bb654e0d9fb9dbef6b572caf2f153
SHA256:  16842d889bdac3685118f3ce1e2ac6e352ade59800f46fbdd4cc60f586502feb
SHA512:  e58eb7af5b2b5b016aff017eb4d8338a787eea589afdcd04735b57cbaa589d21f22a61c3dd5dd3a5415f10e1ad6ef57a455b2dcc26af8ecc2177a23eb62765b6
SSDEEP:  3072:fYXspc24A1RjTU9jaF0F5hgUOXeCb7aC65OlaV+0K0prvMX4M/h3BsxkgaBChU/f:fs52tR9Fggb3AEls+0BrMonigabwVfs
Static task
static1

Behavioral task
behavioral1
Sample:   a0bb368e7ad22e2804aaec0cef919512.exe
Resource: win7-20220901-en

Behavioral task
behavioral2
Sample:   a0bb368e7ad22e2804aaec0cef919512.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Family:     redline
Botnet:     11
C2:         51.89.201.21:7161
auth_value: e6aadafed1fda7723d7655a5894828d2

Extracted
Family:     redline
Botnet:     fud
C2:         45.15.156.7:48638
auth_value: da2faefdcf53c9d85fcbb82d0cbf4876
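As an added worked example (not part of the sandbox report, and not code from RedLine or from the sandbox vendor), the Python below parses the two extracted configs above in the report's own layout, turns them into IOCs, and runs those IOCs against constructed telemetry: a Zeek conn.log excerpt and an EDR file-hash inventory, both made up for the example. The hostnames, the 10.0.0.x client addresses, the benign address 142.250.74.46 and the file paths are assumptions; the C2 endpoints, botnet tags, auth_values and the sample SHA256 are taken from the report.

```python
"""Turn the extracted RedLine configs into IOCs and match them against telemetry.
Added example for this report: not sandbox output, not RedLine's own code.
The conn.log excerpt and the file inventory below are constructed."""
import re
from dataclasses import dataclass

# The two extracted configs, copied from the report in its own layout
# (family / botnet / c2 / "auth_value" / value, with "-" separator lines).
EXTRACTED_CONFIG = """\
redline
11
51.89.201.21:7161
-
auth_value
e6aadafed1fda7723d7655a5894828d2
redline
fud
45.15.156.7:48638
-
auth_value
da2faefdcf53c9d85fcbb82d0cbf4876
"""
# SHA256 of the analysed sample, from the report.
SAMPLE_SHA256 = "16842d889bdac3685118f3ce1e2ac6e352ade59800f46fbdd4cc60f586502feb"

_C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
_AUTH_RE = re.compile(r"^[0-9a-f]{32}$")


@dataclass(frozen=True)
class RedLineConfig:
    family: str      # "redline"
    botnet: str      # build/campaign tag, here "11" and "fud"
    c2_host: str
    c2_port: int
    auth_value: str  # per-build value from the config; not visible in flow logs


def parse_configs(text: str) -> list[RedLineConfig]:
    """Parse one or more config blocks; raise ValueError on anything malformed."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop blanks and bullet residue
    configs = []
    for i in range(0, len(lines), 5):
        block = lines[i:i + 5]
        if len(block) != 5 or block[0] != "redline" or block[3] != "auth_value":
            raise ValueError(f"malformed config block: {block}")
        m = _C2_RE.match(block[2])
        if not m or not _AUTH_RE.match(block[4]):
            raise ValueError(f"bad c2 or auth_value: {block}")
        host, port = m.group(1), int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
        configs.append(RedLineConfig(block[0], block[1], host, port, block[4]))
    return configs


# Constructed Zeek conn.log excerpt: the first seven default fields
# (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), tab-separated.
CONN_LOG = """\
1664290000.123\tCaB1x\t10.0.0.5\t49812\t51.89.201.21\t7161\ttcp
1664290001.456\tCaB2y\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp
1664290002.789\tCaB3z\t10.0.0.9\t51022\t45.15.156.7\t48638\ttcp
1664290003.000\tCaB4w\t10.0.0.9\t51023\t51.89.201.21\t443\ttcp
"""


def match_connections(conn_log: str, configs: list[RedLineConfig]) -> list[dict]:
    """Flag flows to the extracted C2s.
    Exact host:port -> "high".  Same host on another port -> "medium": the panel
    may have moved, or the address may be shared hosting (the report's own
    "legitimate hosting services abused" caveat), so it needs a second look."""
    by_endpoint = {(c.c2_host, c.c2_port): c for c in configs}
    by_host = {c.c2_host: c for c in configs}
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if line.startswith("#") or len(fields) < 7 or not fields[5].isdigit():
            continue
        src, dst, dport = fields[2], fields[4], int(fields[5])
        cfg, confidence = by_endpoint.get((dst, dport)), "high"
        if cfg is None and dst in by_host:
            cfg, confidence = by_host[dst], "medium"
        if cfg is not None:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "botnet": cfg.botnet, "confidence": confidence})
    return hits


# Constructed EDR file inventory: (hostname, path, sha256).
FILE_INVENTORY = [
    ("WS-0005", r"C:\Users\jdoe\AppData\Local\Temp\a0bb368e7ad22e2804aaec0cef919512.exe",
     "16842d889bdac3685118f3ce1e2ac6e352ade59800f46fbdd4cc60f586502feb"),
    ("WS-0009", r"C:\Program Files\Vendor\tool.exe", "00" * 32),
]


def match_files(inventory, sha256: str) -> list[tuple[str, str]]:
    """Exact SHA256 match.  Any rebuild of the stealer changes the hash, so a
    miss means 'this build not seen', not 'RedLine not present'."""
    want = sha256.lower()
    return [(host, path) for host, path, digest in inventory if digest.lower() == want]
```

The auth_value is parsed and kept because it is useful for clustering samples that share a build, but it is a value inside the config rather than something that appears in flow logs, so it is deliberately not used as a match key. Same-host hits on a different port are reported at medium confidence because the report itself flags abuse of legitimate hosting, where one address can serve unrelated tenants.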
Targets

Target:  a0bb368e7ad22e2804aaec0cef919512.exe
Size:    328KB
MD5:     a0bb368e7ad22e2804aaec0cef919512
SHA1:    5a2b896d604bb654e0d9fb9dbef6b572caf2f153
SHA256:  16842d889bdac3685118f3ce1e2ac6e352ade59800f46fbdd4cc60f586502feb
SHA512:  e58eb7af5b2b5b016aff017eb4d8338a787eea589afdcd04735b57cbaa589d21f22a61c3dd5dd3a5415f10e1ad6ef57a455b2dcc26af8ecc2177a23eb62765b6
SSDEEP:  3072:fYXspc24A1RjTU9jaF0F5hgUOXeCb7aC65OlaV+0K0prvMX4M/h3BsxkgaBChU/f:fs52tR9Fggb3AEls+0BrMonigabwVfs
- Detects Smokeloader packer
  This signature matches the packer/crypter layer; the payload it unpacks is identified as RedLine by the extracted configuration above.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing (refusing to run in particular locales).
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
  Redirecting another thread's context is the usual final step of process hollowing or similar injection, so expect the RedLine payload to run inside a process other than the dropped executable.