General
Target: c627c6516eebd5ca9ad35647e4cc84c45b8360a17c217d6c373c8428169584dd
Size: 145KB
Sample: 221001-ry1ktagbd4
MD5: ecf9228793df763ee38dc969871f4ce7
SHA1: 1e045e963bc4488aa46a588dca2090137f682068
SHA256: c627c6516eebd5ca9ad35647e4cc84c45b8360a17c217d6c373c8428169584dd
SHA512: e1a9c57a6dbd7f266e4f1f7c4406a76679b0da703c0a07d31370b4d5b1444c09e0d029a71d0c41ef94163da43b6e3c24fd177c94a22cdb16431d37b692372786
SSDEEP: 3072:YOGV6uZRS8Smu/ZhIzX9vva08mAQHKpb:g6J8uwZvv8xxb
Static task: static1
Behavioral task: behavioral1
Sample: c627c6516eebd5ca9ad35647e4cc84c45b8360a17c217d6c373c8428169584dd.exe
Resource: win10-20220812-en
Malware Config
Extracted family: redline
Botnet: inslab26
C2: 185.182.194.25:8251
auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
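The hashes and the extracted C2 endpoint are only useful once they are turned into something a responder can run: confirm that the file in hand is really this sample, and block or alert on the C2. The Python below is an added example and is not code from the sandbox, the page, or the malware. REPORT is a constructed copy of the values shown in the General and Malware Config sections; the "Family", "Botnet" and "C2" labels are assumed names for the three config fields; the Suricata msg text and sid are arbitrary choices.

```python
"""Turn the report's static and config indicators into runnable checks.

Added example: not code from the sandbox, the page, or the malware.
REPORT is constructed to mirror the values shown on this page; the
"Family", "Botnet" and "C2" labels are assumed names for the three config
fields, and the Suricata msg/sid are arbitrary.
"""
import hashlib
import os
import re
import tempfile

# Constructed from the page's General and Malware Config values.
REPORT = """\
General
Target: c627c6516eebd5ca9ad35647e4cc84c45b8360a17c217d6c373c8428169584dd
Size: 145KB
MD5: ecf9228793df763ee38dc969871f4ce7
SHA1: 1e045e963bc4488aa46a588dca2090137f682068
SHA256: c627c6516eebd5ca9ad35647e4cc84c45b8360a17c217d6c373c8428169584dd
SHA512: e1a9c57a6dbd7f266e4f1f7c4406a76679b0da703c0a07d31370b4d5b1444c09e0d029a71d0c41ef94163da43b6e3c24fd177c94a22cdb16431d37b692372786
SSDEEP: 3072:YOGV6uZRS8Smu/ZhIzX9vva08mAQHKpb:g6J8uwZvv8xxb
Malware Config
Family: redline
Botnet: inslab26
C2: 185.182.194.25:8251
auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
"""

# Expected hex-digest lengths; a wrong length means a truncated copy-paste.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Read 'Label: value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:  # section headers carry no value
            continue
        key, _, value = line.partition(":")  # first colon only, so C2 keeps host:port
        fields[key.strip().lower()] = value.strip()
    return fields


def extract_iocs(fields):
    """Validate every hash and split the C2 endpoint into host and port."""
    hashes = {}
    for algo, length in HASH_LENGTHS.items():
        value = fields.get(algo, "").lower()
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", value):
            raise ValueError(f"{algo} missing or malformed in report")
        hashes[algo] = value
    host, _, port = fields["c2"].rpartition(":")
    return {
        "hashes": hashes,
        "c2_host": host,
        "c2_port": int(port),
        "family": fields.get("family", "unknown"),
        "botnet": fields.get("botnet", "unknown"),
    }


def hash_bytes(data):
    """Compute every digest in HASH_LENGTHS over an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_LENGTHS}


def hash_file(path, chunk_size=1 << 20):
    """Stream the file once, feeding all digests, instead of reading it four times."""
    digests = {algo: hashlib.new(algo) for algo in HASH_LENGTHS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def matches_sample(path, iocs):
    """True only if all four digests agree; any mismatch means a different file."""
    actual = hash_file(path)
    return all(actual[a] == iocs["hashes"][a] for a in HASH_LENGTHS)


def suricata_rule(iocs, sid=1000001):
    """Alert on any TCP connection to the extracted C2 host and port."""
    return (
        f'alert tcp $HOME_NET any -> {iocs["c2_host"]} {iocs["c2_port"]} '
        f'(msg:"{iocs["family"]} C2 ({iocs["botnet"]})"; sid:{sid}; rev:1;)'
    )


def demo():
    """Hash a throwaway stand-in file (constructed; not the real sample) and compare."""
    iocs = extract_iocs(parse_report(REPORT))
    with tempfile.NamedTemporaryFile(delete=False, suffix=".exe") as fh:
        fh.write(b"MZ stand-in, not the sample")
        stand_in = fh.name
    try:
        return matches_sample(stand_in, iocs)  # False: the stand-in is not the sample
    finally:
        os.unlink(stand_in)


if __name__ == "__main__":
    iocs = extract_iocs(parse_report(REPORT))
    print(suricata_rule(iocs))
    print("stand-in matches report:", demo())
```

Point matches_sample at the actual file before acting on any verdict from this page: sandbox reports are keyed by hash, and a repacked build of the same campaign will share the C2 and botnet name but none of the digests. The SSDEEP value is parsed but deliberately not compared, since fuzzy-hash similarity is a triage hint and not an identity check.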
Targets
Target: c627c6516eebd5ca9ad35647e4cc84c45b8360a17c217d6c373c8428169584dd
Size: 145KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above (same file).
Signatures:
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: rewriting the context of a thread in another process is the usual final step of process hollowing and similar injection, where a suspended process's entry point is redirected into injected code.