General
-
Target
e00e158ba45b49cdfdca374f0f8f64a1df6c3b05f2034ac71ed0f3a1144f2ee2
-
Size
374KB
-
Sample
221016-wvyn9shhaq
-
MD5
b30d09ee47eafb236742ad7831adedb8
-
SHA1
88339c398d0cc01f720f55499dd622ab6b29a561
-
SHA256
e00e158ba45b49cdfdca374f0f8f64a1df6c3b05f2034ac71ed0f3a1144f2ee2
-
SHA512
c4c0613e991242ab87cd0d312da42b67b1ef20ebbcebe08fd79aee5ac72b617a3fcb8a97c6cb7254205e6715642039ed557c99bb7637dac2104454b5a5b7f412
-
SSDEEP
1536:HI47GyTGCwiSnmQUt0LB1c5s5gvubJueyupHgz:HvGyYiSDnt1cW54u9lx1W
Static task
static1
Behavioral task
behavioral1
Sample
e00e158ba45b49cdfdca374f0f8f64a1df6c3b05f2034ac71ed0f3a1144f2ee2.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
Nigh
80.66.87.20:80
-
auth_value
dab8506635d1dc134af4ebaedf4404eb
Targets
-
-
Target
e00e158ba45b49cdfdca374f0f8f64a1df6c3b05f2034ac71ed0f3a1144f2ee2
-
Size
374KB
-
MD5
b30d09ee47eafb236742ad7831adedb8
-
SHA1
88339c398d0cc01f720f55499dd622ab6b29a561
-
SHA256
e00e158ba45b49cdfdca374f0f8f64a1df6c3b05f2034ac71ed0f3a1144f2ee2
-
SHA512
c4c0613e991242ab87cd0d312da42b67b1ef20ebbcebe08fd79aee5ac72b617a3fcb8a97c6cb7254205e6715642039ed557c99bb7637dac2104454b5a5b7f412
-
SSDEEP
1536:HI47GyTGCwiSnmQUt0LB1c5s5gvubJueyupHgz:HvGyYiSDnt1cW54u9lx1W
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-