General
Target: 278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
Size: 274KB
Sample: 221128-s78s8aac2y
MD5: 29a373c2434df5c3203864edadf0142e
SHA1: 06eeaf59c220156007f491e6d5c158ef8cbe39da
SHA256: 278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
SHA512: 2580ecc59623888e9de48a2a3dda5ab6d89d3f8e4f9ba6e0a6e1f8fe6bc9d9bccb2d4f7f6278f362e8bc5993135ed19dad99231f854971cb2a9d5163d7a5cd03
SSDEEP: 6144:cjvlU05pLO4315W89JF51AVmeMP36tVFvg4/FQF:cj6epLOI5W8CtM/mDgSm
Static task: static1
Behavioral task: behavioral1
Sample: 278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48.exe
Resource: win10-20220812-en
Malware Config
Extracted: raccoon
  ac3d98d56818de8ac1c6d9d84122c3d5
  http://65.108.248.168
Extracted: amadey
  Version: 3.50
  77.73.134.65/o7VsjdSa2f/index.php
Targets
Target: 278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext