General
- Target: a977f111b6cfc531aaa949a1142b573fd1737d23f3a97077b69ef37433abb6b4
- Size: 145KB
- Sample: 221001-npsl3afhg7
- MD5: 14f6a0b91e54b9639ab359f1964a8619
- SHA1: 2bc241344727fdcc6f85679e625529940011bab3
- SHA256: a977f111b6cfc531aaa949a1142b573fd1737d23f3a97077b69ef37433abb6b4
- SHA512: c9bd1002a666ce121074b39eeaaa2e2fd1c401d1cc245bd226f31691a0f0c94ff6d7dc9e9465b13b26f7d90b01c06b63ef0e8bb828260a3ea24b2a0a2812fc04
- SSDEEP: 1536:Cdqmf/JrcspSf2IZR6rVHq/5mIOuND//B6AmvpkP3S2KbLL+EnZlNo6erbXlWZ:CdZ5XIZRoVKxpX/UAmvpkfSjL+2JtZ
Static task: static1
Malware Config

Extracted: redline
- Botnet: inslab26
- C2: 185.182.194.25:8251
- auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b

Extracted: asyncrat
- Version: 0.5.7B
- Botnet: Default
- C2: 45.154.98.214:6606
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3 (seconds)
- install: false
- install_folder: %AppData%

Extracted: redline
- Botnet: 1
- C2: 93.159.221.122:8387
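The three extracted configs above carry the indicators a responder actually pivots on: the C2 host:port pairs and the AsyncRAT mutex. The script below is an added example, not part of the sandbox report, that turns those values into a small IOC set, sweeps iptables-style firewall log lines for contact with the C2 endpoints, and emits one Suricata rule per endpoint. The log lines are constructed for the example and the rule sids are assumed local values; the IPs, ports, botnet IDs and mutex are copied from the configs above.

```python
"""Turn the extracted RedLine / AsyncRAT configs into IOCs and sweep logs for them.

Added example for this report; the log lines below are constructed, the sids assumed.
"""
import ipaddress
import re
from collections import namedtuple

C2 = namedtuple("C2", "family botnet host port")

# C2 endpoints exactly as listed in the report's extracted configs.
EXTRACTED_C2 = [
    C2("redline", "inslab26", "185.182.194.25", 8251),
    C2("asyncrat", "Default", "45.154.98.214", 6606),
    C2("redline", "1", "93.159.221.122", 8387),
]

# Host-based indicator from the AsyncRAT config (useful for a mutex sweep on endpoints).
ASYNCRAT_MUTEX = "AsyncMutex_6SI8OkPnk"

# Constructed iptables-style log lines: one benign HTTPS flow, two C2 contacts,
# and one flow to a C2 IP on an unrelated port (should NOT match).
SAMPLE_LOG = [
    "Oct  1 12:00:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=93.184.216.34 PROTO=TCP SPT=51002 DPT=443",
    "Oct  1 12:00:07 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=185.182.194.25 PROTO=TCP SPT=51011 DPT=8251",
    "Oct  1 12:00:09 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=45.154.98.214 PROTO=TCP SPT=51012 DPT=6606",
    "Oct  1 12:00:20 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=185.182.194.25 PROTO=TCP SPT=51020 DPT=443",
]


def parse_c2(text):
    """Parse a 'host:port' string as printed in the report into (host, port).

    Validates that host is an IPv4 address and port is a real TCP port, so a
    mangled copy/paste from a report fails loudly instead of producing a dead IOC.
    """
    host, sep, port = text.strip().rpartition(":")
    if not sep:
        raise ValueError(f"no port in {text!r}")
    ipaddress.IPv4Address(host)  # raises on anything that is not a dotted quad
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range in {text!r}")
    return host, port


_DST_RE = re.compile(r"DST=(\d{1,3}(?:\.\d{1,3}){3}).*?DPT=(\d+)")


def match_connections(log_lines, c2s=EXTRACTED_C2):
    """Return (line_no, family, botnet) for every log line whose DST/DPT pair is a C2.

    Matching on IP *and* port is deliberate: the report flags 'legitimate hosting
    services abused for malware hosting/C2', so the bare IP may also serve
    unrelated tenants and would be a noisy indicator on its own.
    """
    index = {(c.host, c.port): c for c in c2s}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _DST_RE.search(line)
        if not m:
            continue
        key = (m.group(1), int(m.group(2)))
        if key in index:
            c = index[key]
            hits.append((n, c.family, c.botnet))
    return hits


def suricata_rules(c2s=EXTRACTED_C2, base_sid=9000001):
    """Emit one Suricata rule per C2 endpoint. base_sid is an assumed local-range sid."""
    rules = []
    for i, c in enumerate(c2s):
        rules.append(
            f'alert tcp $HOME_NET any -> {c.host} {c.port} '
            f'(msg:"{c.family} C2 contact (botnet {c.botnet})"; flow:to_server; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for n, family, botnet in match_connections(SAMPLE_LOG):
        print(f"line {n}: {family} C2 contact, botnet {botnet}")
    print("\n".join(suricata_rules()))
```

Against the constructed log the sweep reports only lines 2 and 3; line 4 reaches a RedLine C2 address but on port 443, which is exactly the case the IP-plus-port match is meant to suppress until you have confirmed the host is dedicated infrastructure.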
Targets

- Target: a977f111b6cfc531aaa949a1142b573fd1737d23f3a97077b69ef37433abb6b4
- Size: 145KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Signatures
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext (a common step in process hollowing or thread hijacking, used to run an injected payload inside another process)