General
Target: 7e7ffae23565ffa2af64fb574cced210adcda04868fa2a8eb400f5efa890b9e2
Size: 265KB
Sample: 221207-zt5mzagb36
MD5: 0cdb4c9c0b815a92b98b4b414e074cf2
SHA1: ee7f8b0fca57e0b66f3ab8b88a4e8a53ccba593e
SHA256: 7e7ffae23565ffa2af64fb574cced210adcda04868fa2a8eb400f5efa890b9e2
SHA512: de61ecb0e246d1d2f4d4b5a8188fb8ec648d5a0bf83d43ad1efa066ee042ef5e0c755abf53a82c419cac76c2d115e7e3ca475170a7eb5e1654af8b37722de030
SSDEEP: 3072:3jqeJlh9vCm+1sn32v5B5u9yupgwqo4NdqW7zuBeVhOD389RIlf3:TbJles32wpgwqfPBvny78ilf

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 7e7ffae23565ffa2af64fb574cced210adcda04868fa2a8eb400f5efa890b9e2.exe
Resource: win10v2004-20220812-en

Malware Config
Extracted family: redline
Botnet: YT
C2: 65.21.5.58:48811
auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
Targets
Target: 7e7ffae23565ffa2af64fb574cced210adcda04868fa2a8eb400f5efa890b9e2 (the submitted file itself: 265KB, with the same MD5, SHA1, SHA256, SHA512 and SSDEEP values listed under General)

Signatures (behavioral1)
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
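The signatures above are what the sandbox matched; a responder usually wants the same indicators as host-side detection logic. The following is an added example, not part of the sandbox report and not code belonging to RedLine or the sandbox. Only the C2 address and port and the sample's SHA256 come from the report. Everything else is assumed for illustration: the Sysmon-style shape of the event records, the constructed events themselves, the use of the `Control Panel\International\Geo\Nation` registry value as the concrete target of the "country code configured in the registry" lookup (the report does not name the key the sandbox rule fires on), and vbc.exe as the compiler binary behind "Uses the VBS compiler for execution".

```python
"""
Added example (not from the sandbox report): match the behavioural indicators
the report lists against constructed Sysmon-style event records.
"""
import re

# Indicators taken from the report: extracted RedLine C2 and the sample hash.
C2_HOST, C2_PORT = "65.21.5.58", 48811
SAMPLE_SHA256 = "7e7ffae23565ffa2af64fb574cced210adcda04868fa2a8eb400f5efa890b9e2"

# Assumption: the "country code configured in the registry" lookup reads the
# GeoID value Windows stores under Control Panel\International\Geo\Nation.
# The report itself does not name the key its rule keys on.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Constructed events in a Sysmon-like shape (not real telemetry):
# EventID 1 = process create, 3 = network connect, 12/13 = registry access.
SAMPLE_IMAGE = r"C:\Users\u\Desktop\7e7f.exe"
VBC_IMAGE = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"  # assumed path
EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMAGE, "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": 12, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"},
    {"EventID": 1, "Image": VBC_IMAGE, "ParentImage": SAMPLE_IMAGE},
    {"EventID": 3, "Image": VBC_IMAGE, "DestinationIp": "65.21.5.58", "DestinationPort": 48811},
    {"EventID": 3, "Image": r"C:\Program Files\Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]


def match_indicators(events):
    """Return (rule, image) pairs; rule names mirror the report's signatures.

    The vbc.exe rule only fires when the parent is outside the .NET Framework
    directory, so MSBuild-driven compiles do not trip it; that heuristic is an
    assumption of this example, not something the report states.
    """
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 1 and f"SHA256={SAMPLE_SHA256}" in ev.get("Hashes", ""):
            hits.append(("known sample executed", image))
        if eid in (12, 13) and GEO_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("Checks computer location settings", image))
        parent = ev.get("ParentImage", "")
        if (eid == 1 and image.lower().endswith("\\vbc.exe")
                and parent and "\\microsoft.net\\" not in parent.lower()):
            hits.append(("Uses the VBS compiler for execution", parent))
        if (eid == 3 and ev.get("DestinationIp") == C2_HOST
                and ev.get("DestinationPort") == C2_PORT):
            hits.append(("RedLine C2 contact", image))
    return hits


if __name__ == "__main__":
    for rule, image in match_indicators(EVENTS):
        print(f"{rule}: {image}")
```

Against the constructed events this yields four hits: the known sample starting, the sample reading the Geo\Nation value, the sample spawning vbc.exe, and vbc.exe connecting to the extracted C2. The unrelated browser connection produces nothing. In real use, feed it the host's registry and network events and treat the C2 rule as high-confidence and the vbc.exe rule as a pivot point rather than a verdict.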