General
-
Target
76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723
-
Size
188KB
-
Sample
221122-ag8resfh4z
-
MD5
851792ff43bd0ceabf0ef1bd77e01660
-
SHA1
882b970a432a193046e0b4ebfaed551dbc07966e
-
SHA256
76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723
-
SHA512
62bbbd55ec395fe6253dce13549041782887fc1c89d2e1f495fb9ad635275ab84a65cdf9d2d4f4d702cbbd5910f91fead98f8d6d6f981a902a092925fd98252a
-
SSDEEP
3072:TVB6+NKy3oW0O7K53KC663swjF+oX0wIhq96BgA:TVCy49OVCrsEF+oEw1
Static task
static1
Behavioral task
behavioral1
Sample
76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
KRIPT
212.8.246.157:32348
-
auth_value
80ebe4bab7a98a7ce9c75989ff9f40b4
Targets
-
-
Target
76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723
-
Size
188KB
-
MD5
851792ff43bd0ceabf0ef1bd77e01660
-
SHA1
882b970a432a193046e0b4ebfaed551dbc07966e
-
SHA256
76846968b69e616bb20c37ecfffc776328ce268a8d5f21268e3f3299d4104723
-
SHA512
62bbbd55ec395fe6253dce13549041782887fc1c89d2e1f495fb9ad635275ab84a65cdf9d2d4f4d702cbbd5910f91fead98f8d6d6f981a902a092925fd98252a
-
SSDEEP
3072:TVB6+NKy3oW0O7K53KC663swjF+oX0wIhq96BgA:TVCy49OVCrsEF+oEw1
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-