General

Target: file
Size: 300KB
Sample: 221013-wpsk3agcap
MD5: 6d018cc2ba2f59f2e1e214a13530df70
SHA1: c903fe5d835882bdcb1498d42b942a52d52b7f0d
SHA256: 97cdc8291c3e88742b152e68d8521cffdf47faedd1aad2fadd353837d398d47e
SHA512: 26f482d44d757a314153a59bf8491ac609e3a0af18852fabb74dba43c8c30982c0484af412c6292f1c883330b07868d2a060800cbd7ef8861aa6178f0debef82
SSDEEP: 96:45SJtr5iduUg8urAFQn1b+cDuQQCrTl7rCgVkfgNRPzNtF:4sJJ5irev+NQRp7rCgVkfg7Z
Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted
Family: redline
Botnet: Nigh
C2: 80.66.87.20:80
auth_value: dab8506635d1dc134af4ebaedf4404eb
Targets

Target: file (300KB; same MD5/SHA1/SHA256/SHA512/SSDEEP values as listed under General)
Signatures:

- Detects Smokeloader packer (a packer signature on the static sample; the extracted config identifies the payload as RedLine)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
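The signatures above describe what the sandbox saw the sample do; the useful follow-up for a responder is to turn them into something that can be checked against a suspect file and an API trace from another box. The helper below is an added example (not part of the sandbox report, and not RedLine's own code): it compares a file's bytes against the report's MD5/SHA256, and scans a sandbox-style API trace for the geofence registry lookup, the Uninstall-key enumeration, the SetThreadContext call and a connection to the extracted C2 80.66.87.20:80. The trace format (`pid|api|argument`) and the trace lines are constructed for the example; the registry locations are the standard Windows paths (Geo\Nation holds the configured country GeoID, the Uninstall keys list installed software). Only the combination of behaviours is treated as suspicious, since installers legitimately walk the Uninstall keys and debuggers legitimately call SetThreadContext.

```python
"""Triage helper for the RedLine report above (added example, assumed trace format)."""
import hashlib
import re

# IOCs copied from the report.
SAMPLE_MD5 = "6d018cc2ba2f59f2e1e214a13530df70"
SAMPLE_SHA256 = "97cdc8291c3e88742b152e68d8521cffdf47faedd1aad2fadd353837d398d47e"
REDLINE_C2 = "80.66.87.20:80"

# Registry locations behind two of the signatures (well-known Windows paths):
# Geo\Nation stores the user's configured country; the Uninstall keys
# (native and WOW6432Node) list installed software.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)

# Constructed API-trace lines, "pid|api|argument" (assumed format, not the
# sandbox's real export). PID 4242 plays the sample; PID 1000 is a benign
# installer that only enumerates the Uninstall keys.
SAMPLE_TRACE = [
    r"4242|RegQueryValueExW|HKCU\Control Panel\International\Geo\Nation",
    r"4242|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"4242|RegEnumKeyExW|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome",
    r"4242|SetThreadContext|thread=4260",
    r"4242|connect|80.66.87.20:80",
    r"1000|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}",
]


def sample_matches_report(data: bytes) -> dict:
    """Compare a file's bytes against the report's MD5 and SHA256."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


def classify_call(api: str, arg: str):
    """Map one traced API call to a behaviour tag from the report, or None."""
    if api.startswith("RegQueryValue") and GEO_KEY.search(arg):
        return "geofence_lookup"
    if api.startswith(("RegEnumKey", "RegOpenKey", "RegQueryValue")) and UNINSTALL_KEY.search(arg):
        return "software_enum"
    if api == "SetThreadContext":
        return "set_thread_context"
    if api == "connect" and arg == REDLINE_C2:
        return "c2_connect"
    return None


def scan_trace(lines) -> dict:
    """Group behaviour tags per PID; returns {pid: set(tags)} for PIDs with any hit."""
    tags = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        pid, api, arg = line.split("|", 2)
        tag = classify_call(api, arg)
        if tag:
            tags.setdefault(int(pid), set()).add(tag)
    return tags


def verdict(tags: set) -> str:
    """A contact to the extracted C2 is conclusive; otherwise require two behaviours."""
    if "c2_connect" in tags:
        return "redline_c2"
    if len(tags) >= 2:
        return "suspicious"
    return "benign"


if __name__ == "__main__":
    for pid, tags in sorted(scan_trace(SAMPLE_TRACE).items()):
        print(pid, sorted(tags), verdict(tags))
```

To use it on a real case, feed `sample_matches_report` the bytes of the suspect file and `scan_trace` the sandbox's API log converted to the `pid|api|argument` shape; the C2 match is the strongest single indicator, because the registry and SetThreadContext calls each have benign explanations on their own.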