General
Target: 275deddef0f33683c99390656e658a121d4d630a130e3f45411594de37ae4498
Size: 3.2MB
Sample: 220928-w43dtagge8
MD5: e18a73b3a82a22a768614d041fe91bb8
SHA1: c16f522cd61c303b00be391b2f00a872e6307c10
SHA256: 275deddef0f33683c99390656e658a121d4d630a130e3f45411594de37ae4498
SHA512: 0236cf0e85af6b75e086aeb4de415fb019c76894acf2f08bd019e3b3bebf6a25aa46535037393a3ce35b3e20c0cb8279d277f35429f65fffdee9619506ee141a
SSDEEP: 12288:TsDhIWUJVhCO357lNT0eFbW1n6bZMuRg/cQ8HRL/:4DhvUJVhCO3VlmeFbWZ6bZMuRg/cQi
Static task: static1
Behavioral task: behavioral1
Sample: 275deddef0f33683c99390656e658a121d4d630a130e3f45411594de37ae4498.exe
Resource: win10-20220812-en
Malware Config
Extracted: vidar
- 54.6
- 1680
- https://t.me/huobiinside
- https://mas.to/@kyriazhs1975
- profile_id: 1680
Extracted: redline
- Lyla.22.09
- 185.215.113.216:21921
- auth_value: 2f19888cb6bad7fdc46df91dc06aacc5
Targets
Target: 275deddef0f33683c99390656e658a121d4d630a130e3f45411594de37ae4498
Size: 3.2MB
MD5: e18a73b3a82a22a768614d041fe91bb8
SHA1: c16f522cd61c303b00be391b2f00a872e6307c10
SHA256: 275deddef0f33683c99390656e658a121d4d630a130e3f45411594de37ae4498
SHA512: 0236cf0e85af6b75e086aeb4de415fb019c76894acf2f08bd019e3b3bebf6a25aa46535037393a3ce35b3e20c0cb8279d277f35429f65fffdee9619506ee141a
SSDEEP: 12288:TsDhIWUJVhCO357lNT0eFbW1n6bZMuRg/cQ8HRL/:4DhvUJVhCO3VlmeFbWZ6bZMuRg/cQi
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext