General
-
Target
file.exe
-
Size
194KB
-
Sample
221003-lml1dshdcq
-
MD5
d58bd6c6616b895631445542b7b18012
-
SHA1
ae791a19cd93dddc07d1b952bc36541c33c99856
-
SHA256
1fa40eae5c0b4dcf0d26d10c879ad5e466c06c3fa85f70dd17aad03d5f5b0f6a
-
SHA512
e3badfa09e33805aab49e3c08f729b4151e5c01be2b409e67ee267bc41201104d9946957c99c75cbad71e98ae7b809cd99cb9a1b5793bafe1c65df7682e55e47
-
SSDEEP
768:YSvNWMz7EVXU/hVJ+7hSYfGJsQO849wk9ESnGCuqqyUq60atL+Qs1YQB7RgiSlmL:ZI47GyTGCwiSnmQUt0LB1YQds5gq+9
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
Neo3
tyastazirowi.xyz:80
yaterirennin.xyz:80
-
auth_value
646532deba483490225021877e8b02a0
Targets
-
-
Target
file.exe
-
Size
194KB
-
MD5
d58bd6c6616b895631445542b7b18012
-
SHA1
ae791a19cd93dddc07d1b952bc36541c33c99856
-
SHA256
1fa40eae5c0b4dcf0d26d10c879ad5e466c06c3fa85f70dd17aad03d5f5b0f6a
-
SHA512
e3badfa09e33805aab49e3c08f729b4151e5c01be2b409e67ee267bc41201104d9946957c99c75cbad71e98ae7b809cd99cb9a1b5793bafe1c65df7682e55e47
-
SSDEEP
768:YSvNWMz7EVXU/hVJ+7hSYfGJsQO849wk9ESnGCuqqyUq60atL+Qs1YQB7RgiSlmL:ZI47GyTGCwiSnmQUt0LB1YQds5gq+9
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-