General
- Target: d5e5f7d079b216078282d955c2d625bda28ca2a4de774a46ab571c388d897dac
- Size: 133KB
- Sample: 221003-j2364sgadj
- MD5: 0d59da753eee30ad352124c93782737e
- SHA1: 2575a6af11cb0572bb6bd9953206678762b29ac7
- SHA256: d5e5f7d079b216078282d955c2d625bda28ca2a4de774a46ab571c388d897dac
- SHA512: 67dcfc8066f1f0f320e534df0a6b147eb1709cc6dc45cd77688548f986c9a257c2152ee420dfa46eb418cded18bbc175a4d2ef76f8dedc09474cadead237a5ac
- SSDEEP: 3072:gBvfopOR0GaD09KE1alT/F0OOGEveofqikGLueU:gMWJAlT/y1WTeU
Static task: static1
Behavioral task: behavioral1
Sample: d5e5f7d079b216078282d955c2d625bda28ca2a4de774a46ab571c388d897dac.exe
Resource: win10-20220901-en

Malware Config
Extracted
- redline
- 1200654767
- 79.137.192.6:8362
Targets
- Target: d5e5f7d079b216078282d955c2d625bda28ca2a4de774a46ab571c388d897dac
- Size: 133KB
- MD5: 0d59da753eee30ad352124c93782737e
- SHA1: 2575a6af11cb0572bb6bd9953206678762b29ac7
- SHA256: d5e5f7d079b216078282d955c2d625bda28ca2a4de774a46ab571c388d897dac
- SHA512: 67dcfc8066f1f0f320e534df0a6b147eb1709cc6dc45cd77688548f986c9a257c2152ee420dfa46eb418cded18bbc175a4d2ef76f8dedc09474cadead237a5ac
- SSDEEP: 3072:gBvfopOR0GaD09KE1alT/F0OOGEveofqikGLueU:gMWJAlT/y1WTeU

Signatures
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext