General
- Target: 914be79c80638787a90cb4d7598ad60a8f39634cb4858489bde36c0e32e235aa.exe
- Size: 457KB
- Sample: 221021-bc12fsdhbq
- MD5: 9ecafa0a55d800f4293093989b90d595
- SHA1: 4b7388775266bf7b9edd19ff456f9dcc5a6bcd06
- SHA256: 914be79c80638787a90cb4d7598ad60a8f39634cb4858489bde36c0e32e235aa
- SHA512: d43417b47641d815b99687c3418abb0fad2963f7466eac304d596ac61099f09ba1db3fce3a2b7e15a71f29e27476ef579b9e9200778d277acc470c26bc602b49
- SSDEEP: 3072:8ahKyd2n31If5HxTQ3fXaPm1cF8o4Y1Z8JP:8ahOOfTQvXaPm1cFrV4J
Static task: static1
Behavioral task: behavioral1
- Sample: 914be79c80638787a90cb4d7598ad60a8f39634cb4858489bde36c0e32e235aa.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 914be79c80638787a90cb4d7598ad60a8f39634cb4858489bde36c0e32e235aa.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: Nigh
- C2: 80.66.87.20:80
- auth_value: dab8506635d1dc134af4ebaedf4404eb
Targets
- Target: 914be79c80638787a90cb4d7598ad60a8f39634cb4858489bde36c0e32e235aa.exe
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext