General
Target: bc6d40e9efb4a2acb018e06e50627e9d1cfd4a90f9e1e68a9e6e7c77662008a2
Size: 1.7MB
Sample: 221013-p4hk3seef8
MD5: 930a05d9fe202c77ac8546397129592d
SHA1: d2376487d8114ae3383c1e7ebf35eda9b6619d4e
SHA256: bc6d40e9efb4a2acb018e06e50627e9d1cfd4a90f9e1e68a9e6e7c77662008a2
SHA512: 5621d1c8f4b136aca3d008aaad47040cc3b4f4522e280a69304145db886b847f89a3cd216b390dd110dee68652c4b93912c6f2dacf8ed167c215fb940f4b6af6
SSDEEP: 24576:kUo5FRdHL/zMlL3m99Q6ebefoxvHCzSB1lyKLssCJ8TwIIe6EbOkQZ9n4fnySc5:kUo5t799QZTlCzSBSkPIuQ/nQc5
Static task: static1
Behavioral task: behavioral1
Sample: cennik listopad.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: cennik listopad.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
V1: 45.150.64.103:42708
auth_value: ac1e00fc097456e8b89d9ee9bf0f280b
Targets
Target: cennik listopad.exe
Size: 668.1MB
MD5: aa3934d779b55a03273b3b68ea25f2fe
SHA1: 9489523bdd6555cf5eff1f0afd773ed929303eae
SHA256: 5b1c29a7dcf64918afe4a0254da1727588719ea1c8cb6ee20432834c362146f3
SHA512: 83346493f23dc74216adc71afe9fdad19c12c8aef8cdacb8dc43fd96485feb7fe280cd7313be3a41a5be0100c0b5b9524e9c43814bb5ef67846d19d5d14a3581
SSDEEP: 1536:dI47GyTGCwiSnmQUt0LB11s5gmRlmDgkBVyC8nh383NMGPBhQVPOxSwH:dvGyYiSDnt1i5FYDg4V/8n6S0Z7

Signatures
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext