General
-
Target
952a8f6839d98c1f4e3c26959fe2d2265fa39c1ecbd3ae83b96931e171b08a43
-
Size
264KB
-
Sample
221208-fz7vqsca9w
-
MD5
4f846c930bc2ff3f18a68b2905309451
-
SHA1
14663cc14ca0fe815a83c2ba01c5b3450c704f2f
-
SHA256
952a8f6839d98c1f4e3c26959fe2d2265fa39c1ecbd3ae83b96931e171b08a43
-
SHA512
f8af1e08086c921f5a0e9b6cc9b861c0df9aabc9ed693d2fbfdbe2a39362b336e85cf6830a35d7445ba4154cc0c3e6a9d0ae5b0b3f511324a42282a4dbc4023a
-
SSDEEP
3072:kZ52A1E7eGlXQj5l5jS6u8WGp+Z0KzscaC25TBQgnTLK2p5wgcNxehv:k3+XEFu8WGEZnocaGBK/Wxm
Static task
static1
Behavioral task
behavioral1
Sample
952a8f6839d98c1f4e3c26959fe2d2265fa39c1ecbd3ae83b96931e171b08a43.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
YT
65.21.5.58:48811
-
auth_value
fb878dde7f3b4ad1e1bc26d24db36d28
Targets
-
-
Target
952a8f6839d98c1f4e3c26959fe2d2265fa39c1ecbd3ae83b96931e171b08a43
-
Size
264KB
-
MD5
4f846c930bc2ff3f18a68b2905309451
-
SHA1
14663cc14ca0fe815a83c2ba01c5b3450c704f2f
-
SHA256
952a8f6839d98c1f4e3c26959fe2d2265fa39c1ecbd3ae83b96931e171b08a43
-
SHA512
f8af1e08086c921f5a0e9b6cc9b861c0df9aabc9ed693d2fbfdbe2a39362b336e85cf6830a35d7445ba4154cc0c3e6a9d0ae5b0b3f511324a42282a4dbc4023a
-
SSDEEP
3072:kZ52A1E7eGlXQj5l5jS6u8WGp+Z0KzscaC25TBQgnTLK2p5wgcNxehv:k3+XEFu8WGEZnocaGBK/Wxm
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-