General
- Target: e9f8b316306170264c2640f235e5d7dd2470d74123566509d7a21984778720dd
- Size: 139KB
- Sample: 221225-14fx2afc8z
- MD5: 682a4cc5de83b7c3d59c80745c1f2665
- SHA1: 0e4296be37d7bf96ff21503063ef0128326629a8
- SHA256: 919e028e6404fd8b902500a8b28387b2d336fe80ab1a0b3ba9924468a4aee0e2
- SHA512: c0785451674919bea22d2e7514e113962ba3ddf8ae05af421a4833e3c4b0c95788607a3010a44f4bfb36b3aca6604141a6c71b801604bfacf6c4a88dc76252c6
- SSDEEP: 3072:WszyILGLSR4CP6R/DVM/UHUU3UD/Nb9+XuwdoqhTq/0qU4:WmEM4H/lUU3UD/Nb9++wm2I0Q
Static task: static1
Behavioral task: behavioral1
- Sample: e9f8b316306170264c2640f235e5d7dd2470d74123566509d7a21984778720dd.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: e9f8b316306170264c2640f235e5d7dd2470d74123566509d7a21984778720dd.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted:
- redline
- 11
- 79.137.202.18:45218
- auth_value: 107e09eee63158d2488feb03dac75204
Targets
- Target: e9f8b316306170264c2640f235e5d7dd2470d74123566509d7a21984778720dd
- Size: 231KB
- MD5: ff58b2c40941c7066739fe425f01d928
- SHA1: ea2044c506fcea503f82fe1bc74c031db636aa59
- SHA256: e9f8b316306170264c2640f235e5d7dd2470d74123566509d7a21984778720dd
- SHA512: e42721c6062dc72d5f6141a4bc21140e571259b97443a306debdaea72864d452c8b04429d66743db6915af57ce2ddcff352fe4962fe0eb2ef9b109237502d6a7
- SSDEEP: 3072:c5d+LO82n5TfpgX4h2XVCkFLq5c6Ka8tJ/OkZFw7RkxmJZs:cWLp2BOFCkFu57iJ/OkrGymI
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation