General
Target: 4d2921f38a5bbc12057aecb0e0a370ecf21035428fa2a8508f03023aabde3754
Size: 133KB
Sample: 221003-j6l4dsgbhr
MD5: 5b450d641f813f87e7a24dd3b0fc622f
SHA1: c80cbf1bd45eed49deee7dca9bc019d5f71e7dc4
SHA256: 4d2921f38a5bbc12057aecb0e0a370ecf21035428fa2a8508f03023aabde3754
SHA512: 581e553b67c229432595df01423b34c35f69c3e82647044ecf88ae4c1bf4ce411379bbe3581c95d67242cdd240087f4b09b6f251a96195e666d26a0c034d5b65
SSDEEP: 1536:jSbRDBnH5hk1WkORxZnb40L2IowCU5KZtVuLGTWbEq17TSoYNXrvO/hQKjj0nLxK:jSbRJiORXYImWKclbd17TSoeO7jGK
Static task: static1
Behavioral task: behavioral1
Sample: 4d2921f38a5bbc12057aecb0e0a370ecf21035428fa2a8508f03023aabde3754.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
redline
1200654767
79.137.192.6:8362
Targets
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext