General
Target: 35be65280e65cc6b44fb20b468cca606d518aad0cb448127df637e75231d86ec
Size: 294KB
Sample: 220928-lg3qysfec6
MD5: f8780743a44299fcaf19d61a0339aaae
SHA1: 7c6dbf2eb97e0529a46db16135954cce3d6473d6
SHA256: 35be65280e65cc6b44fb20b468cca606d518aad0cb448127df637e75231d86ec
SHA512: b0857baf0995854ccfb8320498977fc14e797fae5ba6d4b96337eff10a6cd656633f6b1a0cb72ddb55686b9f59248385f5c646948ed1bbbe01f39fade9e2ac7b
SSDEEP: 6144:eWNeclLT0g94UkAB4jeinognL0JYOaxigavwVfIf:e9akg94Upw5nogg8URf
Static task: static1
Malware Config
Extracted: danabot
198.15.112.179:443
185.62.56.245:443
153.92.223.225:443
192.119.70.159:443
embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
type: loader
Extracted: redline
insmix
jamesmillion2.xyz:9420
auth_value: f388a05524f756108c9e4b0f4c4bafb6
Extracted: systembc
141.98.82.229:4001
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext