General
-
Target
bbc55bcfb3e19090c52ad195c6b9c548a3467674dd719a40e4a504b84e293f7d
-
Size
184KB
-
Sample
221115-gaqqlabe4t
-
MD5
8b4940a4e3999442c81612530df72f45
-
SHA1
d40181310b12d9232f72aacdae905c3555d06c47
-
SHA256
bbc55bcfb3e19090c52ad195c6b9c548a3467674dd719a40e4a504b84e293f7d
-
SHA512
157a5e49627da2d1bb75d9ba789ae69950ef70e55352638c49ad5a96eca81d215ce291d8bfc4636c2820f69afd1a8557f15e2415571aa9aa1c992274c8eb8e9a
-
SSDEEP
1536:EALkBt/xKw6QHVb2x7qhshe5grfD+3EYb47KUL/j+TpnFybxKTSmuevSI3SopCAr:EAmqhe5OkEpKg+tnFtTGDIzq/MwfoR
Static task
static1
Behavioral task
behavioral1
Sample
bbc55bcfb3e19090c52ad195c6b9c548a3467674dd719a40e4a504b84e293f7d.exe
Resource
win10-20220901-en
Malware Config
Extracted
redline
123
78.153.144.3:2510
-
auth_value
cd6abb0af211bce081d7bf127cc26835
Extracted
redline
rozena1114
jalocliche.xyz:81
chardhesha.xyz:81
-
auth_value
9fefd743a3b62bcd7c3e17a70fbdb3a8
Targets
-
-
Target
bbc55bcfb3e19090c52ad195c6b9c548a3467674dd719a40e4a504b84e293f7d
-
Size
184KB
-
MD5
8b4940a4e3999442c81612530df72f45
-
SHA1
d40181310b12d9232f72aacdae905c3555d06c47
-
SHA256
bbc55bcfb3e19090c52ad195c6b9c548a3467674dd719a40e4a504b84e293f7d
-
SHA512
157a5e49627da2d1bb75d9ba789ae69950ef70e55352638c49ad5a96eca81d215ce291d8bfc4636c2820f69afd1a8557f15e2415571aa9aa1c992274c8eb8e9a
-
SSDEEP
1536:EALkBt/xKw6QHVb2x7qhshe5grfD+3EYb47KUL/j+TpnFybxKTSmuevSI3SopCAr:EAmqhe5OkEpKg+tnFtTGDIzq/MwfoR
-
Detect Amadey credential stealer module
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-