General
-
Target
baff04e584c5a8c34b7b9a9a2a621a23227c709d8e5f352e5a24e8522df5a299
-
Size
152KB
-
Sample
221113-1swjcagd3y
-
MD5
e8e6a8ada863676e7c4cf726bf49639a
-
SHA1
a7608253e5f79f7707f0caaff56cbc00ec08c9aa
-
SHA256
baff04e584c5a8c34b7b9a9a2a621a23227c709d8e5f352e5a24e8522df5a299
-
SHA512
a4070610e743398eda79c38e0a4453f5d03647e2223ec1b4a05631258b321dd1c85f1c1b3a24857c83d8c9f67eacf9f2a3dc4ee532450064d3543c641263f22e
-
SSDEEP
3072:ovDLOGmOQDS5xl55pNSspSz+/YN/dJMXCEes/dRA:0LOGmOQWl5bQ0E+/+/AF/z
Static task
static1
Behavioral task
behavioral1
Sample
baff04e584c5a8c34b7b9a9a2a621a23227c709d8e5f352e5a24e8522df5a299.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
baff04e584c5a8c34b7b9a9a2a621a23227c709d8e5f352e5a24e8522df5a299
-
Size
152KB
-
MD5
e8e6a8ada863676e7c4cf726bf49639a
-
SHA1
a7608253e5f79f7707f0caaff56cbc00ec08c9aa
-
SHA256
baff04e584c5a8c34b7b9a9a2a621a23227c709d8e5f352e5a24e8522df5a299
-
SHA512
a4070610e743398eda79c38e0a4453f5d03647e2223ec1b4a05631258b321dd1c85f1c1b3a24857c83d8c9f67eacf9f2a3dc4ee532450064d3543c641263f22e
-
SSDEEP
3072:ovDLOGmOQDS5xl55pNSspSz+/YN/dJMXCEes/dRA:0LOGmOQWl5bQ0E+/+/AF/z
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-