General
Target: 5dd8b3fb036735240645400bd556f5f85d34e8d863e0c1331b2addd444ec7136
Size: 232KB
Sample: 221115-ccmdqsee28
MD5: f919647759183e07c33e327759c1ea23
SHA1: 54b342cab54a66842c75e8061dde646c1ce06247
SHA256: 5dd8b3fb036735240645400bd556f5f85d34e8d863e0c1331b2addd444ec7136
SHA512: 48464c48278b4c5ce00e576c8e5605bbda054ef93f87b6e2c8c4c4ce476e11866624b9b58b1b1a44c444948d781dd87356ccca3c4e6ad0bba251447b193edd97
SSDEEP: 3072:LXO2aH7LJU8wQmW/FRL2dfCtQZ85oV0kCt6n/6oPaTJh7vQ1:j7I7LJAQm4R2dDZ8iV0zt6nSMaTP7v
Static task: static1
Behavioral task: behavioral1
Sample: 5dd8b3fb036735240645400bd556f5f85d34e8d863e0c1331b2addd444ec7136.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
Botnet: 123
C2: 78.153.144.3:2510
auth_value: cd6abb0af211bce081d7bf127cc26835
Extracted
Family: redline
Botnet: rozena1114
C2: jalocliche.xyz:81
C2: chardhesha.xyz:81
auth_value: 9fefd743a3b62bcd7c3e17a70fbdb3a8
Targets
Target: 5dd8b3fb036735240645400bd556f5f85d34e8d863e0c1331b2addd444ec7136
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext