General
Target: 30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5
Size: 334KB
Sample: 221118-3eqgaacg23
MD5: a975b4fd1a87d15729b8973f44155368
SHA1: 554dc2c50d3d0fae634155062c6548e32751f562
SHA256: 30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5
SHA512: 27c745dff28a70ba9757667a5f3de34adc1b42a3dccd663a1c8a363e97898979115371de9993f997673f2dcf6ab7aed6b5934065fb8ff1fab130748d74dd2d36
SSDEEP: 6144:NvKUbFcLByKHp+mTuNUh+3oQ9gOU+fzYBb6:MUadyKH5CNb9gT6
Static task: static1
Malware Config

Extracted: vidar
55.7
1827
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
profile_id: 1827

Extracted: redline
easy1018
chardhesha.xyz:81
jalocliche.xyz:81
auth_value: 56edfa3741d7e2286e0bcfe901712a2c

Extracted: redline
89.23.96.39:44465
auth_value: f9940860247e8a85fc8c16674c54799c

Extracted: amadey
3.50
193.56.146.174/g84kvj4jck/index.php
Targets
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext