General

Target: f857475feed30691b4c4fc6a71bddcb33ae3616724f8fb62bf46d2fbbee627b1
Size: 186KB
Sample: 221122-aqdyeagb8w
MD5: 129f78b657ed850868260cc01fffebd0
SHA1: 21062b7b8dd1eefcf84e1cdef9a11a794338f5ee
SHA256: f857475feed30691b4c4fc6a71bddcb33ae3616724f8fb62bf46d2fbbee627b1
SHA512: 0f1f9877ed6feebf5cef32f746431f57fc963a03544049b8e49a4fd8f0cbb8ff4f6b93ac4fedd0836f86dd648f4f6daabcbdc861d413faa4e1aa8cf70ac216ec
SSDEEP: 3072:lakVtdn0WqOfg5h+1aaJXeG7S+oh/ejIZ1y839K5Z8E:laq0rO6+1adG7OeMZfKwE
Static task: static1
Behavioral task: behavioral1
Sample: f857475feed30691b4c4fc6a71bddcb33ae3616724f8fb62bf46d2fbbee627b1.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted family: redline
Botnet: KRIPT
C2: 212.8.246.157:32348
auth_value: 80ebe4bab7a98a7ce9c75989ff9f40b4
Targets

Target: f857475feed30691b4c4fc6a71bddcb33ae3616724f8fb62bf46d2fbbee627b1 (186KB; hashes as listed under General)
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
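The signatures above are names, not logic. As an added example (not part of the sandbox report and not code from the sample or the sandbox), the script below turns three of them into checks a triage analyst could run over an API-level trace: enumeration of the Uninstall registry key, a connection to the C2 endpoint from the extracted config, and the classic CreateProcess (suspended) / WriteProcessMemory / SetThreadContext / ResumeThread chain that "Suspicious use of SetThreadContext" usually points at. Only the C2 host and port are taken from the report; the trace format, the process names, the allowlist of legitimate software enumerators and the hollowing-chain model are assumptions, and the trace itself is constructed.

```python
"""Triage checks over a constructed API-trace log (example code, not from the report)."""
import re
from collections import defaultdict

# Copied from the report's extracted RedLine config (the only values taken from the page).
C2_HOST, C2_PORT = "212.8.246.157", 32348

# Matches the Uninstall key itself or any subkey, on 32- and 64-bit hives.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# Processes that legitimately enumerate installed software (assumed allowlist; tune per estate).
UNINSTALL_ALLOWLIST = {"msiexec.exe", "explorer.exe", "wmiprvse.exe"}

# Process-hollowing chain, in the order it must appear inside one process (assumed model).
HOLLOW_CHAIN = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed sample trace as (pid, image, api, argument). Not real telemetry;
# "sample.exe" stands in for the analysed binary.
SAMPLE_TRACE = [
    (4120, "sample.exe", "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4120, "sample.exe", "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4120, "sample.exe", "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, "sample.exe", "RegOpenKeyExW", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeePass"),
    (4120, "sample.exe", "connect", "212.8.246.157:32348"),
    (4120, "sample.exe", "CreateProcessW", "CREATE_SUSPENDED"),
    (4120, "sample.exe", "WriteProcessMemory", "pid=4988"),
    (4120, "sample.exe", "SetThreadContext", "pid=4988"),
    (4120, "sample.exe", "ResumeThread", "pid=4988"),
    (2200, "msiexec.exe", "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo"),
    (2200, "msiexec.exe", "RegEnumKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bar"),
    (3304, "notepad.exe", "RegOpenKeyExW", r"HKCU\Software\Microsoft\Notepad"),
    (3304, "notepad.exe", "connect", "93.184.216.34:443"),
    (5100, "installer.exe", "CreateProcessW", "CREATE_SUSPENDED"),
    (5100, "installer.exe", "ResumeThread", "pid=5200"),
]


def uninstall_key_enumerators(trace, min_keys=2):
    """Return {(pid, image): sorted Uninstall keys} for non-allowlisted processes that
    touched at least min_keys distinct Uninstall keys (single lookups are too noisy)."""
    keys = defaultdict(set)
    for pid, image, api, arg in trace:
        if api.startswith("Reg") and UNINSTALL_KEY_RE.search(arg) \
                and image.lower() not in UNINSTALL_ALLOWLIST:
            keys[(pid, image)].add(arg)
    return {k: sorted(v) for k, v in keys.items() if len(v) >= min_keys}


def c2_connections(trace, host=C2_HOST, port=C2_PORT):
    """Return [(pid, image)] for every connect() to the extracted C2 endpoint."""
    target = f"{host}:{port}"
    return [(pid, image) for pid, image, api, arg in trace
            if api == "connect" and arg == target]


def hollowing_candidates(trace, chain=HOLLOW_CHAIN):
    """Return [(pid, image)] for processes whose calls contain the chain as an ordered
    subsequence; unrelated calls may be interleaved between the steps."""
    progress = defaultdict(int)
    hits = []
    for pid, image, api, _ in trace:
        key = (pid, image)
        if progress[key] < len(chain) and api == chain[progress[key]]:
            progress[key] += 1
            if progress[key] == len(chain):
                hits.append(key)
    return hits


def triage(trace):
    """Run all three checks and return one human-readable finding per hit."""
    findings = []
    for (pid, image), keys in uninstall_key_enumerators(trace).items():
        findings.append(f"{image}[{pid}] enumerated {len(keys)} Uninstall keys "
                        f"(installed-software check)")
    for pid, image in c2_connections(trace):
        findings.append(f"{image}[{pid}] connected to RedLine C2 {C2_HOST}:{C2_PORT}")
    for pid, image in hollowing_candidates(trace):
        findings.append(f"{image}[{pid}] ran {'/'.join(HOLLOW_CHAIN)} chain")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_TRACE):
        print(line)
```

The registry check needs an API-level source (a sandbox API log or an EDR with registry-read telemetry): Sysmon's registry events (IDs 12, 13, 14) record key creation, value writes and renames, not the RegOpenKey/RegEnumKey reads this signature is about. The C2 check is an exact-match IOC and will go stale the moment the operator rotates infrastructure, so treat the auth_value and botnet name from the config as the longer-lived pivot.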