General
-
Target
218d12e69e643b148f39105a8d1690b81aa04fff0a744a4995d3200620516f56
-
Size
331KB
-
Sample
221118-j73sjagh74
-
MD5
67bd70baef1e8165ee7ffa7c83013365
-
SHA1
c88569254a2688eda73d81bce675fc90229c6a72
-
SHA256
218d12e69e643b148f39105a8d1690b81aa04fff0a744a4995d3200620516f56
-
SHA512
fe3e2121b24486689bd949ecc61a746ec1092712cf1f20e7a6a426f3d5dd9fee5880ccf0c409fcd1119d673618668a4354c7f1eeedfbdd9143b2af8cb45a79e9
-
SSDEEP
6144:+wIzq6yNaN8G0vBDjEwIUDENJmURlZ7W148zZ+hp0fBa1Ew:rqFyRG0ZMwIcKAw3VXhp0fQ1Ew
Static task
static1
Malware Config
Extracted
vidar
55.7
1827
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
-
profile_id
1827
Extracted
redline
5m
chardhesha.xyz:81
jalocliche.xyz:81
-
auth_value
7c8e8b4b3a28fd1de43f43277f38b9e3
Extracted
redline
New2022
185.106.92.111:2510
-
auth_value
ef6fe7baf59e3191ff2f569e3bf0e2c7
Targets
-
-
Target
218d12e69e643b148f39105a8d1690b81aa04fff0a744a4995d3200620516f56
-
Size
331KB
-
MD5
67bd70baef1e8165ee7ffa7c83013365
-
SHA1
c88569254a2688eda73d81bce675fc90229c6a72
-
SHA256
218d12e69e643b148f39105a8d1690b81aa04fff0a744a4995d3200620516f56
-
SHA512
fe3e2121b24486689bd949ecc61a746ec1092712cf1f20e7a6a426f3d5dd9fee5880ccf0c409fcd1119d673618668a4354c7f1eeedfbdd9143b2af8cb45a79e9
-
SSDEEP
6144:+wIzq6yNaN8G0vBDjEwIUDENJmURlZ7W148zZ+hp0fBa1Ew:rqFyRG0ZMwIcKAw3VXhp0fQ1Ew
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-