General
-
Target
2e13938bf88f01c3bfa263ab7baf3dedadece399f2182c79f1b05eecf386521b
-
Size
133KB
-
Sample
221002-kj5snafgc6
-
MD5
4916d0a08750a0556e07a8a5fa6f4d57
-
SHA1
4557a36aee54ab6cdee29a4e1ce61c07e34072a9
-
SHA256
2e13938bf88f01c3bfa263ab7baf3dedadece399f2182c79f1b05eecf386521b
-
SHA512
f4ad0f46f4e2a9aec0a3c665ccdc9a13b5fcab49bacc5d6e84c9de6c6704c83f476926e40dd6a63195e3d08f782cd67b888aefe5fdd2db1ccddb50ff88cc161e
-
SSDEEP
3072:x/l3UjRsuX+9R+/lK6FhS4yeZDwPpyAfFHiT71z:iX6Q/c6FA4jl+ffF
Static task
static1
Behavioral task
behavioral1
Sample
2e13938bf88f01c3bfa263ab7baf3dedadece399f2182c79f1b05eecf386521b.exe
Resource
win10-20220901-en
Malware Config
Extracted
redline
inslab26
185.182.194.25:8251
-
auth_value
7c9cbd0e489a3c7fd31006406cb96f5b
Targets
-
-
Target
2e13938bf88f01c3bfa263ab7baf3dedadece399f2182c79f1b05eecf386521b
-
Size
133KB
-
MD5
4916d0a08750a0556e07a8a5fa6f4d57
-
SHA1
4557a36aee54ab6cdee29a4e1ce61c07e34072a9
-
SHA256
2e13938bf88f01c3bfa263ab7baf3dedadece399f2182c79f1b05eecf386521b
-
SHA512
f4ad0f46f4e2a9aec0a3c665ccdc9a13b5fcab49bacc5d6e84c9de6c6704c83f476926e40dd6a63195e3d08f782cd67b888aefe5fdd2db1ccddb50ff88cc161e
-
SSDEEP
3072:x/l3UjRsuX+9R+/lK6FhS4yeZDwPpyAfFHiT71z:iX6Q/c6FA4jl+ffF
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-