General

Target: 608b6c0630d3f2c0f7a63d9dd56fc1f2b1b9f0b316aee3a394d80b025cdff3a9
Size: 316KB
Sample: 221122-gen3kabg64
MD5: cd1dae8b164dcdd0389dbec60bf16b7b
SHA1: 6164f0e2a465f2bff61c2a15bb0e5f20f977a3d6
SHA256: 608b6c0630d3f2c0f7a63d9dd56fc1f2b1b9f0b316aee3a394d80b025cdff3a9
SHA512: 96097c3902f0eaa784f084a3eed90140533ad0b85c072080e3ee6542a8f06d9bcc197f7ba1071e76a239a4ee56a9f80aa9356482f577284ebcbdbdfbbe8f6d5f
SSDEEP: 6144:8UKVEIQMuBvcESEEVY9NsMDmshnkf8+CwbG:OpQP0V6zc8wG
Static task: static1
Behavioral task: behavioral1
  Sample: 608b6c0630d3f2c0f7a63d9dd56fc1f2b1b9f0b316aee3a394d80b025cdff3a9.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: redline
  Botnet: KRIPT
  C2: 212.8.246.157:32348
  auth_value: 80ebe4bab7a98a7ce9c75989ff9f40b4
Extracted: amadey
  Version: 3.50
  C2: 193.56.146.174/g84kvj4jck/index.php
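The two extracted configs are the actionable output of this report: RedLine's C2 is a bare host:port (it talks a binary protocol over TCP), while Amadey's is an HTTP panel URL, so the two should be matched differently in network telemetry. The script below, an added example and not part of the sandbox report or of either malware family's code, normalizes both C2 strings into IOCs and scans a few constructed proxy/firewall log lines; the log format and the addresses of the benign lines are assumptions made for the example, and only the two C2 values come from the report.

```python
"""Turn the extracted RedLine/Amadey configs into network IOCs and scan log lines.

Added example, not part of the sandbox report. The log lines are constructed
for illustration; the IOC values are the ones shown under Malware Config.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Values copied from the report's Malware Config section.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "KRIPT", "c2": "212.8.246.157:32348"},
    {"family": "amadey", "version": "3.50", "c2": "193.56.146.174/g84kvj4jck/index.php"},
]


@dataclass(frozen=True)
class NetworkIOC:
    family: str
    host: str
    port: Optional[int]   # None for an HTTP C2 given without an explicit port
    path: Optional[str]   # None for a raw TCP C2


def parse_c2(family: str, value: str) -> NetworkIOC:
    """Normalize a C2 string: host:port for raw TCP C2, a scheme-less URL for HTTP C2."""
    if "/" in value:
        parts = urlsplit(value if "://" in value else "http://" + value)
        return NetworkIOC(family, parts.hostname, parts.port, parts.path)
    host, _, port = value.partition(":")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    return NetworkIOC(family, host, int(port) if port else None, None)


def iocs_from_configs(configs) -> list:
    return [parse_c2(c["family"], c["c2"]) for c in configs]


# Constructed log lines in a simple "src dst:port [method url]" form (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 93.184.216.34:443 GET https://example.com/
10.0.0.5 212.8.246.157:32348
10.0.0.7 193.56.146.174:80 POST http://193.56.146.174/g84kvj4jck/index.php
10.0.0.9 193.56.146.174:80 GET http://193.56.146.174/other/index.php
"""

LINE_RE = re.compile(r"^(\S+) (\S+?):(\d+)(?: (\S+) (\S+))?$")


def match_log(log: str, iocs) -> list:
    """Return (src, family) for every line whose destination matches an IOC."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst, port, _method, url = m.groups()
        path = urlsplit(url).path if url else None
        for ioc in iocs:
            if dst != ioc.host:
                continue
            if ioc.path is not None:
                # HTTP C2: require the panel path too; a shared host alone is noisy.
                if path == ioc.path:
                    hits.append((src, ioc.family))
            elif ioc.port is None or int(port) == ioc.port:
                hits.append((src, ioc.family))
    return hits


if __name__ == "__main__":
    for src, family in match_log(SAMPLE_LOG, iocs_from_configs(EXTRACTED_CONFIGS)):
        print(f"{src} contacted {family} C2")
```

The fourth log line is deliberately a different path on the Amadey host and is not reported: blocking on the IP alone is reasonable for a firewall rule, but for alerting on shared hosting the path is the discriminating part.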
Targets

Target: 608b6c0630d3f2c0f7a63d9dd56fc1f2b1b9f0b316aee3a394d80b025cdff3a9
Size: 316KB
MD5: cd1dae8b164dcdd0389dbec60bf16b7b
SHA1: 6164f0e2a465f2bff61c2a15bb0e5f20f977a3d6
SHA256: 608b6c0630d3f2c0f7a63d9dd56fc1f2b1b9f0b316aee3a394d80b025cdff3a9
SHA512: 96097c3902f0eaa784f084a3eed90140533ad0b85c072080e3ee6542a8f06d9bcc197f7ba1071e76a239a4ee56a9f80aa9356482f577284ebcbdbdfbbe8f6d5f
SSDEEP: 6144:8UKVEIQMuBvcESEEVY9NsMDmshnkf8+CwbG:OpQP0V6zc8wG
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: rewriting another process's thread context is the hallmark of process hollowing and thread hijacking, which fits the "Executes dropped EXE" and packer findings above.
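Three of the signatures above (the location check, the Uninstall-key enumeration and the SetThreadContext use) are the kind of behaviour that can be re-derived from an API trace, and doing so makes the difference between a noisy hit and a real one explicit. The script below is an added example and not the sandbox's own signature logic: it replays a constructed API trace and reports the PIDs that trigger each behaviour, requiring a cross-process WriteProcessMemory before SetThreadContext so that a process touching its own thread context does not fire. The registry paths it looks for (Control Panel\International\Geo for the configured country, CurrentVersion\Uninstall for installed software) are the usual ones for these checks but are an assumption here, not values taken from the report.

```python
"""Replay a constructed sandbox API trace and flag the behaviours the report lists.

Added example, not the sandbox's own signature logic. The events are constructed
for illustration; the registry keys named below are the ones these behaviours
usually touch (an assumption, not taken from the report).
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004
GEO_KEY = r"\control panel\international\geo"          # assumed: configured country/region
UNINSTALL_KEY = r"\currentversion\uninstall"           # assumed: installed-software list

# Constructed API trace, one dict per call, in execution order.
EVENTS = [
    {"pid": 1200, "api": "RegOpenKeyExW", "key": r"HKCU\Control Panel\International\Geo"},
    {"pid": 1200, "api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 1200, "api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1200, "api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0},
    {"pid": 1200, "api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 1},
    # Hollowing-style sequence: spawn suspended, overwrite, repoint the thread, resume.
    {"pid": 1200, "api": "CreateProcessW", "target_pid": 1344, "flags": CREATE_SUSPENDED},
    {"pid": 1200, "api": "WriteProcessMemory", "target_pid": 1344},
    {"pid": 1200, "api": "SetThreadContext", "target_pid": 1344},
    {"pid": 1200, "api": "ResumeThread", "target_pid": 1344},
    # A process touching its own thread context is not, by itself, suspicious.
    {"pid": 900, "api": "SetThreadContext", "target_pid": 900},
]


def detect_geofence_lookup(events):
    """PIDs that read a value under the Geo key (the user's configured country)."""
    return sorted({e["pid"] for e in events
                   if e["api"].startswith("RegQueryValue") and GEO_KEY in e.get("key", "").lower()})


def detect_uninstall_enumeration(events, min_entries=1):
    """PIDs that walk the Uninstall key; raise min_entries to demand a real enumeration."""
    counts = defaultdict(int)
    for e in events:
        if e["api"].startswith("RegEnumKey") and UNINSTALL_KEY in e.get("key", "").lower():
            counts[e["pid"]] += 1
    return sorted(pid for pid, n in counts.items() if n >= min_entries)


def detect_cross_process_setthreadcontext(events):
    """(pid, target_pid, full_hollowing) for every process that wrote into another
    process and then rewrote one of its thread contexts. full_hollowing is True when
    the target was created suspended and resumed afterwards (the classic sequence)."""
    suspended, wrote, hijacked = set(), set(), {}
    for e in events:
        pid, target, api = e["pid"], e.get("target_pid"), e["api"]
        if api.startswith("CreateProcess") and e.get("flags", 0) & CREATE_SUSPENDED:
            suspended.add((pid, target))
        elif api == "WriteProcessMemory" and target != pid:
            wrote.add((pid, target))
        elif api == "SetThreadContext" and target != pid and (pid, target) in wrote:
            hijacked.setdefault((pid, target), False)
        elif api == "ResumeThread" and (pid, target) in hijacked and (pid, target) in suspended:
            hijacked[(pid, target)] = True
    return sorted((p, t, hollow) for (p, t), hollow in hijacked.items())


def triage(events):
    """Map the report's signature names to the PIDs that triggered them."""
    return {
        "Checks computer location settings": detect_geofence_lookup(events),
        "Checks installed software on the system": detect_uninstall_enumeration(events),
        "Suspicious use of SetThreadContext": [p for p, _t, _h in detect_cross_process_setthreadcontext(events)],
    }


if __name__ == "__main__":
    for name, pids in triage(EVENTS).items():
        print(f"{name}: {pids}")
```

PID 900 never appears in the output: SetThreadContext on a thread in the caller's own process is common in legitimate code (debuggers, exception handling, some runtimes), so the cross-process write is what makes the call worth reporting.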