General
Target: 5f07867d08f9e18f24e897094f444162d940c68d05a3270738950fb3588c019e
Size: 233KB
Sample: 221114-3yv6waeb93
MD5: 8b0cf2d7975da7bc1e95cb74e4228c11
SHA1: 824afb11f34f0dbab38a738862326054bcdb28a7
SHA256: 5f07867d08f9e18f24e897094f444162d940c68d05a3270738950fb3588c019e
SHA512: 5227ec10548d954cff7a217034966a827c21379ac7fed4c5c54dba70fba0357745f8028e2098ea435448caf4b58a6b216ad0f1b5f08f378628eb12c911076f79
SSDEEP: 3072:fXOftbVLxU8EHmW/FXUc0LN+QlSJ45fsUPK1ufNDmFuL:PqNVLxUHm4QR+qSSkcRI
Static task: static1
Behavioral task: behavioral1
Sample: 5f07867d08f9e18f24e897094f444162d940c68d05a3270738950fb3588c019e.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: redline
Botnet: rozena1114
C2: jalocliche.xyz:81
C2: chardhesha.xyz:81
auth_value: 9fefd743a3b62bcd7c3e17a70fbdb3a8
Targets
Target: 5f07867d08f9e18f24e897094f444162d940c68d05a3270738950fb3588c019e
Size: 233KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Signatures:
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext