General
Target: e5eb694f24982ff71260946f290e225f129201d7839b90831f3d1b7d31254df6
Size: 414KB
Sample: 221018-vtaelsggfm
MD5: edf2eb69c5fff1cd47ae25c59695d040
SHA1: 442d45adc9d967c1ac84d72697d3e6fdc183c3d1
SHA256: e5eb694f24982ff71260946f290e225f129201d7839b90831f3d1b7d31254df6
SHA512: 9b85afaf2dea1ba3b2dcea5069cb8e9a4b6e433c054154aa0f225cb83b6f350e5d3cc23955fab4b28ec364a2397f5d71200219f540aaaf9229f9a38a8f045216
SSDEEP: 1536:a/rae78zjORCDGwfdCSog01313Hys5go4T:mahKyd2n313b5j2
Static task: static1
Behavioral task: behavioral1
Sample: e5eb694f24982ff71260946f290e225f129201d7839b90831f3d1b7d31254df6.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
Nigh
80.66.87.20:80
-
auth_value
dab8506635d1dc134af4ebaedf4404eb
Targets
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-