General

Target: 8204bce8fd8bc3f634b995eb974c31971950014b47dedd928c80bd92869519ac
Size: 201KB
Sample: 221003-k7ddbahchk
MD5: 91364a893cdb7a591053d6a0ebb71098
SHA1: 7cd0fcb6fe4032e669c77e9f05ac38bddf71f93a
SHA256: 8204bce8fd8bc3f634b995eb974c31971950014b47dedd928c80bd92869519ac
SHA512: b143aa99250e1ec47b59c07373c877fa86186c1147d7000d35e48bec3a121f74d267669bd96e87b60cf77a845477a8e0d064e473cb154f39d82d992c2093cae8
SSDEEP: 1536:1I47GyTGCwiSnmQUt0LB1kAjs5gpyY6cfsW:1vGyYiSDnt1T45nxEsW
Static task: static1
Behavioral task: behavioral1
  Sample: 8204bce8fd8bc3f634b995eb974c31971950014b47dedd928c80bd92869519ac.exe
  Resource: win10v2004-20220901-en
Malware Config

Extracted family: redline
Botnet: Buk2
C2: tyastazirowi.xyz:80
C2: yaterirennin.xyz:80
auth_value: 813662de00b041e18fa868da733fca07
Targets

Target: 8204bce8fd8bc3f634b995eb974c31971950014b47dedd928c80bd92869519ac
Size: 201KB
SHA256: 8204bce8fd8bc3f634b995eb974c31971950014b47dedd928c80bd92869519ac
(MD5, SHA1, SHA512 and SSDEEP are identical to the values listed under General.)
Signatures

- Detects Smokeloader packer: packer heuristic only; the only configuration extracted from this sample is RedLine, not SmokeLoader.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check before the stealer runs.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Adds Run key to start application: persistence through a CurrentVersion\Run entry.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext: redirecting the thread context of another process is the usual last step of process hollowing, consistent with the stealer executing inside a separately created process.
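The config and signature list above describe behaviours, not detection logic. The following Python is an added example (not part of the sandbox report or of any Triage tooling) that turns those behaviours into a small triage script run over a constructed API-trace excerpt. The C2 hosts come from the extracted config above; the registry paths are the standard Windows locations for the geofence, Uninstall and Run lookups (which exact values the sample reads is an assumption); the trace format (`pid api argument`), the PIDs, file paths and the dropped-EXE name are all constructed for the example.

```python
import re
from collections import defaultdict

# C2 hosts from the extracted RedLine config in the report above.
REDLINE_C2 = {"tyastazirowi.xyz", "yaterirennin.xyz"}

# Standard Windows registry locations behind the report's signatures.
# Which precise value the sample touches is an assumption for this example.
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation", re.I)
UNINSTALL = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall", re.I)
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?(\\|$)", re.I)
# Rough wallet-file hints; extend to taste.
WALLET_HINT = re.compile(r"(wallet\.dat|\\electrum\\|\\exodus\\|\\ethereum\\keystore)", re.I)

HOST_BEHAVIOURS = {"geofence_check", "software_enum", "run_key_persistence",
                   "wallet_access", "set_thread_context"}

# Constructed trace lines in a "pid api argument" shape. Not real sandbox
# output; PIDs, paths and the dropped file name are invented.
TRACE = """\
4120 RegQueryValueExW HKCU\\Control Panel\\International\\Geo\\Nation
4120 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
4120 RegSetValueExW HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc
4120 NtCreateFile C:\\Users\\bob\\AppData\\Roaming\\Electrum\\wallets\\default_wallet
4120 CreateProcessW C:\\Users\\bob\\AppData\\Local\\Temp\\dropped.exe
4120 SetThreadContext pid=4388
4388 getaddrinfo tyastazirowi.xyz
4388 connect 203.0.113.10:80
1234 RegQueryValueExW HKCU\\Software\\Microsoft\\Office\\16.0\\Common
"""


def parse(trace):
    """Split 'pid api argument' lines; the argument may itself contain spaces."""
    events = []
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, api, arg = line.split(" ", 2)
        events.append((pid, api, arg))
    return events


def tag_events(events):
    """Map each pid to the set of report behaviours it exhibits."""
    tags = defaultdict(set)
    injected_by = {}  # child pid -> parent pid that called SetThreadContext on it
    for pid, api, arg in events:
        if api.startswith("RegQuery") and GEO_NATION.search(arg):
            tags[pid].add("geofence_check")
        elif api.startswith("RegEnum") and UNINSTALL.search(arg):
            tags[pid].add("software_enum")
        elif api == "RegSetValueExW" and RUN_KEY.search(arg):
            tags[pid].add("run_key_persistence")
        elif api in ("NtCreateFile", "CreateFileW") and WALLET_HINT.search(arg):
            tags[pid].add("wallet_access")
        elif api == "SetThreadContext" and arg.startswith("pid="):
            tags[pid].add("set_thread_context")
            injected_by[arg.split("=", 1)[1]] = pid
        elif api == "getaddrinfo" and arg.lower() in REDLINE_C2:
            tags[pid].add("c2_dns")
    # Network activity of a hollowed child is attributed to the injecting parent,
    # otherwise the stealer's beaconing and its host behaviours never line up.
    for child, parent in injected_by.items():
        tags[parent] |= {"child:" + t for t in tags.get(child, ())}
    return dict(tags)


def verdicts(tags):
    """Combine beaconing to the known C2 with host behaviours into a verdict."""
    out = {}
    for pid, t in tags.items():
        beacons = "c2_dns" in t or "child:c2_dns" in t
        host_hits = len(t & HOST_BEHAVIOURS)
        if beacons and host_hits >= 2:
            out[pid] = "redline-like"
        elif beacons or host_hits >= 2:
            out[pid] = "suspicious"
        else:
            out[pid] = "benign"
    return out


def analyze(trace):
    tags = tag_events(parse(trace))
    return tags, verdicts(tags)


if __name__ == "__main__":
    tags, results = analyze(TRACE)
    for pid, verdict in sorted(results.items()):
        print(pid, verdict, sorted(tags[pid]))
```

The script reads an API trace rather than Sysmon output on purpose: Sysmon records registry key creation and value writes, not reads, so the geofence and Uninstall lookups only show up in sandbox API logs or where read auditing (SACLs plus Security event 4663) is in place; only the Run-key write and the DNS query would be visible to a default Sysmon deployment.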