General
-
Target
file.exe
-
Size
164KB
-
Sample
221118-dn2s8scd6w
-
MD5
873337968935ffd53fbb88ae86ba46f4
-
SHA1
066d215fea06483ab0c95035f3b4e99258887356
-
SHA256
dc0af5683ce510948ca084132a0fa0eda830021d744a8b8663800df28551babb
-
SHA512
8dcf86f9b668e06f1f8414cf319f48fd5262bf0d82ad3ea871a15f172f937ed106ee131f7f39e9bd85d5f2e23a5eaeab3e2a9108cb37f706dc59b9b2a2914b89
-
SSDEEP
3072:6f6nmm5dFLg85IiMlWYQw48qrh8dipYD0iytNR6GYSU/:6ymm5LyLSqCYD0iqR3Y
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
Malware Config
Extracted
redline
5m
chardhesha.xyz:81
jalocliche.xyz:81
-
auth_value
7c8e8b4b3a28fd1de43f43277f38b9e3
Extracted
vidar
55.7
1827
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
-
profile_id
1827
Targets
-
-
Target
file.exe
-
Size
164KB
-
MD5
873337968935ffd53fbb88ae86ba46f4
-
SHA1
066d215fea06483ab0c95035f3b4e99258887356
-
SHA256
dc0af5683ce510948ca084132a0fa0eda830021d744a8b8663800df28551babb
-
SHA512
8dcf86f9b668e06f1f8414cf319f48fd5262bf0d82ad3ea871a15f172f937ed106ee131f7f39e9bd85d5f2e23a5eaeab3e2a9108cb37f706dc59b9b2a2914b89
-
SSDEEP
3072:6f6nmm5dFLg85IiMlWYQw48qrh8dipYD0iytNR6GYSU/:6ymm5LyLSqCYD0iqR3Y
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-