General

Target: 7e7ba49822eb7f3bd7651e16901669d1c0e2e4bf5350893fa3d352f6060c5866
Size: 186KB
Sample: 221122-ctsxvaff34
MD5: 56a3a279691023743ec277c924199963
SHA1: f4a5ee9d0babb6a0c8d3d5000af414ce28ce9340
SHA256: 7e7ba49822eb7f3bd7651e16901669d1c0e2e4bf5350893fa3d352f6060c5866
SHA512: d66d9d5f30a4d752248135b50ba0c7d57a93284ec6e6b336294aeebbb8e1b677c5b0a97aa26ca5acb6aeae96380acfbb02ee3a79ec19482b230a359607ecdd23
SSDEEP: 3072:H+8UmyVpZFoWU8Sg5yVDB3vLzhV6C6hPYYKs:H+J/ot8wlj6CWPYYK
Static task: static1
Behavioral task: behavioral1
Sample: 7e7ba49822eb7f3bd7651e16901669d1c0e2e4bf5350893fa3d352f6060c5866.exe
Resource: win10v2004-20221111-en
Malware Config

Extracted: redline
KRIPT
212.8.246.157:32348
auth_value: 80ebe4bab7a98a7ce9c75989ff9f40b4

Extracted: amadey
3.50
193.56.146.174/g84kvj4jck/index.php
Targets

Target: 7e7ba49822eb7f3bd7651e16901669d1c0e2e4bf5350893fa3d352f6060c5866
Size: 186KB
MD5: 56a3a279691023743ec277c924199963
SHA1: f4a5ee9d0babb6a0c8d3d5000af414ce28ce9340
SHA256: 7e7ba49822eb7f3bd7651e16901669d1c0e2e4bf5350893fa3d352f6060c5866
SHA512: d66d9d5f30a4d752248135b50ba0c7d57a93284ec6e6b336294aeebbb8e1b677c5b0a97aa26ca5acb6aeae96380acfbb02ee3a79ec19482b230a359607ecdd23
SSDEEP: 3072:H+8UmyVpZFoWU8Sg5yVDB3vLzhV6C6hPYYKs:H+J/ot8wlj6CWPYYK
Signatures

- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext