General
-
Target
517b3e8666e16e483d9e808b5dc1e906b71b314d8079e12e1b371f694ab58e85
-
Size
111KB
-
Sample
221121-zq86zsbb91
-
MD5
918559da8befd959c42be4e1446a484a
-
SHA1
731dcd588601885c1256d11faf2cf42f6663c4ca
-
SHA256
e2e4dc4bdb2c491f7fc14b23c6cf587dcc29d213f1b174f50452cf6914280e19
-
SHA512
8a818218b6d446e71cda2384e34309cfe8bbf4603cc8d3191d6e9e1761acf1d66bbdd98b2ca4699bddef63442d96661768d6dd1c46b7b29dd3788cee9123585f
-
SSDEEP
3072:/YRyz6CrGHAz71P8fwlCP64kCshMR9T4d1Uy:ztrE4pkEs64tseR9K/
Static task
static1
Behavioral task
behavioral1
Sample
517b3e8666e16e483d9e808b5dc1e906b71b314d8079e12e1b371f694ab58e85.exe
Resource
win7-20221111-en
Malware Config
Extracted
redline
KRIPT
212.8.246.157:32348
-
auth_value
80ebe4bab7a98a7ce9c75989ff9f40b4
Extracted
amadey
3.50
193.56.146.174/g84kvj4jck/index.php
Extracted
vidar
55.7
1148
https://t.me/deadftx
https://www.tiktok.com/@user6068972597711
-
profile_id
1148
Targets
-
-
Target
517b3e8666e16e483d9e808b5dc1e906b71b314d8079e12e1b371f694ab58e85
-
Size
162KB
-
MD5
dc60563b71aa03fd9ba356d25e8f8eed
-
SHA1
0715b7fa19279520ae5c70ce58da0bb4528b8dc4
-
SHA256
517b3e8666e16e483d9e808b5dc1e906b71b314d8079e12e1b371f694ab58e85
-
SHA512
c6b57a7ceed511bd6098f518dce5b2a475f69bd4efb08835b4f0523e1bb6e1ff78a2334ad8cfb9f6ae4e3fc8c5069830243acebae38016495d87da9fdaebf9e5
-
SSDEEP
3072:Cvi3f6nct/HOad5StRcGuVBbeUipv0AvcL1Tat:Cmfxt/OzE3Hbspc6cL1Te
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-