General
Target: a572bde048e6ee83f9f81633225334d6697dbbef660972ac54ed9961bd0fcaaf
Size: 145KB
Sample: 221003-qjfresghfj
MD5: 8112bcc49167996cc3dc67495dc85aaf
SHA1: 912458c828d3bd96558970d55de6ab9181660597
SHA256: a572bde048e6ee83f9f81633225334d6697dbbef660972ac54ed9961bd0fcaaf
SHA512: 1b43d5a999f4825226f6ffb6add69d6783ca90ed7d9e5739960fcfaa59839ee37572076d3588007c8e42f6b9de8b3601fe8ae9ccea61fd9f5bc03f2a57e691a3
SSDEEP: 3072:iAioQFOmWt7Hahxfzq2Fql+zXap1MSfYOpnif5YO:iAKFg6U+Tas4pif5Y
Static task: static1
Behavioral task: behavioral1
Sample: a572bde048e6ee83f9f81633225334d6697dbbef660972ac54ed9961bd0fcaaf.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
216.230.79.183:102
jamesmillion9.xyz:80
auth_value: 19cd76dae6d01d9649fd29624fa61e51
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.