General
-
Target
file.exe
-
Size
198KB
-
Sample
221008-vypp4afbhk
-
MD5
9d33aced5a2ee1a182f95a804cc33f36
-
SHA1
6d086a4abd9ffe8ff5e48dc64b4e7dbddcac30b1
-
SHA256
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891
-
SHA512
6ea26f547a5470cd5300f92f6c71e43c3d0adc7855dc4ef45631f0745471b616cdee4126ffe79acd12720d3d3afabd450df43691dfeb6c2ef011d7cf0196f847
-
SSDEEP
1536:jrae78zjORCDGwfdCSog01313Ns5gRC5gGm+qc:JahKyd2n3165+UHh
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
Nigh
80.66.87.20:80
-
auth_value
dab8506635d1dc134af4ebaedf4404eb
Targets
-
-
Target
file.exe
-
Size
198KB
-
MD5
9d33aced5a2ee1a182f95a804cc33f36
-
SHA1
6d086a4abd9ffe8ff5e48dc64b4e7dbddcac30b1
-
SHA256
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891
-
SHA512
6ea26f547a5470cd5300f92f6c71e43c3d0adc7855dc4ef45631f0745471b616cdee4126ffe79acd12720d3d3afabd450df43691dfeb6c2ef011d7cf0196f847
-
SSDEEP
1536:jrae78zjORCDGwfdCSog01313Ns5gRC5gGm+qc:JahKyd2n3165+UHh
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-