General
-
Target
7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0
-
Size
427KB
-
Sample
221015-vfvtdsfghj
-
MD5
c34729173ecc820eb7674431597d78be
-
SHA1
884f343876a8bb0ebac63c28191c22c6f69590f8
-
SHA256
7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0
-
SHA512
f9c93a0c6f55217016fe5ba550e9948662901b9240662708ac93074bf9692427b73ce10864927026b118aeb6622a47cfa04976bbc9b482a31aef21a5c96786a0
-
SSDEEP
3072:yvGyYiSDnt1Et5CmPo8VGAnxoctr6Byd4TUISI:24UCp6n756BmlI
Static task
static1
Behavioral task
behavioral1
Sample
7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
Nigh
80.66.87.20:80
-
auth_value
dab8506635d1dc134af4ebaedf4404eb
Targets
-
-
Target
7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0
-
Size
427KB
-
MD5
c34729173ecc820eb7674431597d78be
-
SHA1
884f343876a8bb0ebac63c28191c22c6f69590f8
-
SHA256
7ad55278a8285dace5bb637348e5990c356a7c35bbcb8e2d53fd3dc64573d4c0
-
SHA512
f9c93a0c6f55217016fe5ba550e9948662901b9240662708ac93074bf9692427b73ce10864927026b118aeb6622a47cfa04976bbc9b482a31aef21a5c96786a0
-
SSDEEP
3072:yvGyYiSDnt1Et5CmPo8VGAnxoctr6Byd4TUISI:24UCp6n756BmlI
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-