General
-
Target
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518
-
Size
140KB
-
Sample
221225-t4e76sbg44
-
MD5
52d87b2cc73c106bc302d15fffa64551
-
SHA1
7bc9213c6c532e57776cd8bf537cbffdb34b26f6
-
SHA256
194d9f1cc306b623a33db91e7867fbe90545f3f24c2315ba08ed1233c942fd31
-
SHA512
52ae431f4a8a2bc96b72629e76b127f043489f184af258273d735e1bd4741eb1bf7a27dd89a8c75fc075d285dd697ce76ed753eb8e3a3885386f1d36eea39148
-
SSDEEP
3072:VUXI8wPKa/I9bjUkogsiXWK6Bj3O3vqGfTe6iIwnRO1zEsM:K8LAZjegsLMcVRWwf
Static task
static1
Behavioral task
behavioral1
Sample
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Extracted
aurora
195.43.142.218:8081
Targets
-
-
Target
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518
-
Size
231KB
-
MD5
801d35bad81609af210c455e11d2f13d
-
SHA1
f3e56dde38c5d425d196ab218859a87250c1c0c3
-
SHA256
18c6d5ec902169904318f43825aff792b44b35fd0df5c042ba391f716b609518
-
SHA512
95b36568c332e5a812d057a288b880b7161459b9b1474282f7cd843d5ff4c709c979fb00f04dc796098722662f1155f6cdf6e7da471e2eb732f05a8c48b96df9
-
SSDEEP
3072:Vni+LdxD4qH5W5EWfLv+tU6o+D8wxqUMTOLtJ/33bRS1w7RkxmJZs:V3L3D4qqEQL167jFigJ/7E1GymI
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation