General
-
Target
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518
-
Size
140KB
-
Sample
221225-1z9dsacb62
-
MD5
4598a411ec127bec13ef94176eabfb26
-
SHA1
55bda59bbfb47dc6274187f722560d0f1f5df966
-
SHA256
6c052b73219dcaeb947c5ebf223d567747bd03c17194f42eda2cef165315db7c
-
SHA512
2bef4ecc4ee437ad16d8e298a6253f57b63e65a084427bfff90072adf4acb747678f6cb3991b7458da0bd56d2bc1ba6a017ca20807571d5131bd3d64396b7546
-
SSDEEP
3072:FUXI8wPKa/I9bjUkogsiXWK6Bj3O3vqGfTe6iIwnRO1zEsY:a8LAZjegsLMcVRWwv
Static task
static1
Behavioral task
behavioral1
Sample
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518
-
Size
231KB
-
MD5
801d35bad81609af210c455e11d2f13d
-
SHA1
f3e56dde38c5d425d196ab218859a87250c1c0c3
-
SHA256
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518
-
SHA512
95b36568c332e5a812d057a288b880b7161459b9b1474282f7cd843d5ff4c709c979fb00f04dc796098722662f1155f6cdf6e7da471e2eb732f05a8c48b96df9
-
SSDEEP
3072:Vni+LdxD4qH5W5EWfLv+tU6o+D8wxqUMTOLtJ/33bRS1w7RkxmJZs:V3L3D4qqEQL167jFigJ/7E1GymI
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation