General
-
Target
c9b8a56ae44d31bf77e38425277cf79f.exe
-
Size
153KB
-
Sample
221113-z4frladb47
-
MD5
c9b8a56ae44d31bf77e38425277cf79f
-
SHA1
ef24cff7cc9e4b9fbb6888f7d80d51a91855211e
-
SHA256
750af2e33ff183e381e853af4fd7a4b16500639a6d109e1600a04f5fba65caed
-
SHA512
084b3131d17c26e751ee6273ad759b9773f3a174d88c26de82c2a712ee8b6b16f3f2163c16252e4dd7d9c6d32c9068d8a622101cc24188de924f35d3e7f02620
-
SSDEEP
3072:FYY5LEyU+qcXE55bUfmsLppTR5A69wAEVzTlVwWbqS7:nLEyU+9YWmOppTR6swAE9lVbuK
Static task
static1
Behavioral task
behavioral1
Sample
c9b8a56ae44d31bf77e38425277cf79f.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c9b8a56ae44d31bf77e38425277cf79f.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Targets
-
-
Target
c9b8a56ae44d31bf77e38425277cf79f.exe
-
Size
153KB
-
MD5
c9b8a56ae44d31bf77e38425277cf79f
-
SHA1
ef24cff7cc9e4b9fbb6888f7d80d51a91855211e
-
SHA256
750af2e33ff183e381e853af4fd7a4b16500639a6d109e1600a04f5fba65caed
-
SHA512
084b3131d17c26e751ee6273ad759b9773f3a174d88c26de82c2a712ee8b6b16f3f2163c16252e4dd7d9c6d32c9068d8a622101cc24188de924f35d3e7f02620
-
SSDEEP
3072:FYY5LEyU+qcXE55bUfmsLppTR5A69wAEVzTlVwWbqS7:nLEyU+9YWmOppTR6swAE9lVbuK
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-