General
Target: 4176776e4a16cc6d1343173db03c7b94aa63eed6b98e1c1e1633638d749b25c2
Size: 263KB
Sample: 221207-tjl5zsfd26
MD5: a5b980c246570ec52c0bf80b7d0bf1c9
SHA1: 98d5398b41abe05f1f01058224e61f3bfa174966
SHA256: 4176776e4a16cc6d1343173db03c7b94aa63eed6b98e1c1e1633638d749b25c2
SHA512: 9a31dc5f3079180ffc2f64e77b03237f2a5df78108f7ac9f10b2d8ca2e1efe5a3457dbc2112495479bc2cd609c28659339ef74f7aed618359198b78871977253
SSDEEP: 3072:ziDLsPVfdWGYH8T9H5MxS6pRkWdTWuapW/xhh0aBeV+FGyyVqTaz9RIlf3:z1m8x6pZd5aptTwFAPhilf
Static task: static1
Behavioral task: behavioral1
Sample: 4176776e4a16cc6d1343173db03c7b94aa63eed6b98e1c1e1633638d749b25c2.exe
Resource (analysis VM image): win10v2004-20220812-en
Malware Config
Extracted
Family: redline
Botnet: YT
C2: 65.21.5.58:48811
auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
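As an added example (not part of the Triage report and not Triage's own code), the following Python turns the file hashes listed under General and the C2 endpoint extracted here into checks over host telemetry. The JSON events, host names and the vbc.exe image path inside them are constructed for the demonstration; only the hash values and the C2 IP:port come from the report.

```python
"""IOC matching for this report's indicators (added example, not Triage code)."""
import hashlib
import json
from typing import Dict, List

# Indicators copied from the report: file hashes under General, C2 from the RedLine config.
HASH_IOCS = {
    "md5": "a5b980c246570ec52c0bf80b7d0bf1c9",
    "sha1": "98d5398b41abe05f1f01058224e61f3bfa174966",
    "sha256": "4176776e4a16cc6d1343173db03c7b94aa63eed6b98e1c1e1633638d749b25c2",
    "sha512": "9a31dc5f3079180ffc2f64e77b03237f2a5df78108f7ac9f10b2d8ca2e1efe5a"
              "3457dbc2112495479bc2cd609c28659339ef74f7aed618359198b78871977253",
}
C2_IP = "65.21.5.58"
C2_PORT = 48811


def file_hashes(data: bytes) -> Dict[str, str]:
    """Hash a sample the same four ways the report does, so a local copy can be checked against it."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256", "sha512")}


def match_event(event: Dict) -> List[str]:
    """Return the reasons an event matches; an empty list means no match.

    Hash comparison is case-insensitive (EDRs differ on hex case). A network event
    matching IP and port is a strong hit; the IP alone on a shared hosting range is
    weaker and is reported separately so it is triaged rather than auto-blocked.
    """
    reasons = []
    for algo, ioc in HASH_IOCS.items():
        if str(event.get(algo, "")).lower() == ioc:
            reasons.append(algo)
    if event.get("type") == "net" and event.get("dst_ip") == C2_IP:
        reasons.append("c2_ip_port" if int(event.get("dst_port", 0)) == C2_PORT else "c2_ip_only")
    return reasons


def scan(jsonl: str) -> List[Dict]:
    """Scan newline-delimited JSON events and return the matching ones with their reasons."""
    hits = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = match_event(event)
        if reasons:
            hits.append({"host": event.get("host"), "reasons": reasons, "event": event})
    return hits


# Constructed telemetry for the demonstration (not data from the report); the vbc.exe
# host process is an assumption drawn from the "Uses the VBS compiler" signature.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "file", "host": "ws01", "path": r"C:\Users\a\Downloads\setup.exe",
     "sha256": "4176776E4A16CC6D1343173DB03C7B94AA63EED6B98E1C1E1633638D749B25C2"},
    {"type": "net", "host": "ws01", "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "dst_ip": "65.21.5.58", "dst_port": 48811},
    {"type": "net", "host": "ws02", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "65.21.5.58", "dst_port": 443},
    {"type": "file", "host": "ws02", "path": r"C:\tmp\notes.txt", "md5": "0" * 32},
])

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["host"], hit["reasons"])
```

The port-aware split matters for this indicator: the C2 sits on a commodity hosting address (see the "Legitimate hosting services abused" signature below), so an IP-only match against that address on 443 is a lead, not a verdict.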
Targets
Target: 4176776e4a16cc6d1343173db03c7b94aa63eed6b98e1c1e1633638d749b25c2 (same file, size and hashes as listed under General)
Signatures
Detects Smokeloader packer: the outer packer layer matched the SmokeLoader packer rule; the extracted configuration above identifies the unpacked payload as RedLine, so treat the packer hit as a loader/crypter indicator rather than a family verdict.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Uses the VBS compiler for execution: vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework, is a signed Microsoft binary, so its execution alone is not suspicious; what matters is the parent that launched it and what it connects to.
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext: SetThreadContext rewrites the register state of a suspended thread and is the step by which process hollowing redirects a newly created process into injected code. Together with the vbc.exe execution above, this is consistent with the compiler process being hollowed to host the RedLine payload.
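As an added example (not part of the Triage report and not Triage's own code), the following Python checks a sandbox API trace for the process-hollowing sequence that the "Suspicious use of SetThreadContext" and "Uses the VBS compiler for execution" signatures point at: a child created with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread from the same parent against that child. The key=value trace format, the pids and the vbc.exe image path are constructed for the demonstration.

```python
"""Process-hollowing sequence check over an API trace (added example, not Triage code)."""
import re
from typing import Dict, List

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit in CreateProcess
# Calls against the child that are worth recording for the finding.
TRACKED = {"NtUnmapViewOfSection", "VirtualAllocEx", "WriteProcessMemory",
           "SetThreadContext", "ResumeThread"}
# The three calls that must occur, in this order, for the sequence to be flagged.
REQUIRED_ORDER = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]

TOKEN = re.compile(r"(\w+)=(\S+)")


def parse_trace(text: str) -> List[Dict[str, str]]:
    """Parse key=value API-trace lines (assumed format; paths contain no spaces)."""
    return [dict(TOKEN.findall(line)) for line in text.splitlines() if line.strip()]


def in_order(required: List[str], seen: List[str]) -> bool:
    """True if `required` appears as an ordered subsequence of `seen`."""
    it = iter(seen)
    return all(api in it for api in required)


def find_hollowing(calls: List[Dict[str, str]]) -> List[Dict]:
    """Flag children created suspended whose parent then writes their memory, sets the
    thread context and resumes the thread. WriteProcessMemory on its own is not flagged
    (debuggers and installers do that); the ordered sequence is what marks hollowing."""
    suspended: Dict[str, Dict] = {}
    for c in calls:
        if (c.get("api") in ("CreateProcessW", "CreateProcessA")
                and int(c.get("flags", "0"), 16) & CREATE_SUSPENDED):
            suspended[c["new_pid"]] = {"parent": c["pid"], "image": c.get("image"), "seen": []}
    for c in calls:
        child = c.get("target_pid")
        if child in suspended and c.get("api") in TRACKED and c["pid"] == suspended[child]["parent"]:
            suspended[child]["seen"].append(c["api"])
    return [
        {"parent_pid": info["parent"], "child_pid": child, "image": info["image"],
         "sequence": info["seen"], "unmapped": "NtUnmapViewOfSection" in info["seen"]}
        for child, info in suspended.items() if in_order(REQUIRED_ORDER, info["seen"])
    ]


# Constructed trace for the demonstration (not data from the report). The vbc.exe image
# is an assumption drawn from the "Uses the VBS compiler for execution" signature; the
# second process (cmd.exe, not suspended, one WriteProcessMemory) is a benign control.
SAMPLE_TRACE = r"""
pid=1000 api=CreateProcessW image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe flags=0x00000004 new_pid=2000 tid=2001
pid=1000 api=NtUnmapViewOfSection target_pid=2000
pid=1000 api=VirtualAllocEx target_pid=2000 size=0x41000 protect=0x40
pid=1000 api=WriteProcessMemory target_pid=2000 size=0x41000
pid=1000 api=SetThreadContext target_pid=2000 tid=2001
pid=1000 api=ResumeThread target_pid=2000 tid=2001
pid=3000 api=CreateProcessW image=C:\Windows\System32\cmd.exe flags=0x00000000 new_pid=4000 tid=4001
pid=3000 api=WriteProcessMemory target_pid=4000 size=0x100
"""

if __name__ == "__main__":
    for f in find_hollowing(parse_trace(SAMPLE_TRACE)):
        print(f"{f['parent_pid']} hollowed {f['image']} (pid {f['child_pid']}): "
              + " -> ".join(f["sequence"]))
```

The `unmapped` field records whether NtUnmapViewOfSection was seen; classic hollowing unmaps the original image first, but variants that only overwrite the entry point skip it, so the check does not require it.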