General
Target: 659a82dba8a06187307558027d618639a3203d7395552e91781969e86b2d199d
Size: 30KB
Sample: 221220-rymzqadb61
MD5: 0f8ffd303727f8c19ebb3ee033d5c26f
SHA1: 3eac789899a1f930c36f810889d3e7b8ff915bc0
SHA256: 659a82dba8a06187307558027d618639a3203d7395552e91781969e86b2d199d
SHA512: bfba532ad66f1cd93b18a08e35d6bcf1fd66eafe999dc72c865f2828ec132d701347371c708d3b16b9cda5f4b90c8dfb1a2ffbd1b6bc0385104207a84b930731
SSDEEP: 768:Nf2z5wdkk846MlpaOucO4h9tnB95Cc6NirsQMFXDTRaU:NAIkk84Hp/vl6XXDk
Behavioral task: behavioral1
Sample: 659a82dba8a06187307558027d618639a3203d7395552e91781969e86b2d199d.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 659a82dba8a06187307558027d618639a3203d7395552e91781969e86b2d199d.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
mario23_10
167.235.252.160:10642
auth_value: eca57cfb5172f71dc45986763bb98942
Targets
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext