General
  Target: Laoder.bin
  Size: 1.2MB
  Sample: 221003-mq4kaagaf2
  MD5: fea979a3fbed876b3a10991bd3d7d8e8
  SHA1: f069611f03ebec2334c093d3763227b0cce517d1
  SHA256: 4138619c3bade8cd653d595d7e1007342dc0f7a4b5388d5a3956ffc4dce6dbed
  SHA512: 01f6a204627d19e17c17a27684ab4174da20414fe96d2ed4df4ee5c59b55ae34d2f74360dd32cde952bc151cf96751d43f72554c36ae90c051a0331d27d9c8a8
  SSDEEP: 24576:EwImQOoHGUZI5UrIYfYLY2TL74MPskdELk4+tysP6Ep:EwImQOoHTYUDCbgsPZp

Static task: static1

Behavioral task: behavioral1
  Sample: Laoder.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: Laoder.exe
  Resource: win10v2004-20220812-en

Malware Config
  Extracted: redline
    185.215.113.83:60722
    auth_value: c4737ae3b1758fc2ea25fa8958afece9

Targets
  Target: Laoder.bin
  Size: 1.2MB
  MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General above
  Score: 10/10

  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine payload
  Downloads MZ/PE file
  Executes dropped EXE
  Loads dropped DLL
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Suspicious use of SetThreadContext