General
-
Target
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
Size
231KB
-
Sample
221225-v3l5rsbg88
-
MD5
a5f5f37a1847dfb887afe130c5838633
-
SHA1
3ffdfe8a0a11303521f287888e0b8669d88433da
-
SHA256
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
SHA512
ffb2e678256ea987eb2c462df2bf4f4e04958bcd37d56a717290da6dc1c12061f84f8b6f303aa593191b15c463a4650962e1d0cadfca5f64b02c73af215cceb7
-
SSDEEP
3072:Rbud1LNTJc5Hm7Gs4V2GEl6pAT23tJ/NewSw7RkxmJZs:R4LVJom7DGndJ/EDGymI
Static task
static1
Behavioral task
behavioral1
Sample
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Extracted
aurora
195.43.142.218:8081
Targets
-
-
Target
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
Size
231KB
-
MD5
a5f5f37a1847dfb887afe130c5838633
-
SHA1
3ffdfe8a0a11303521f287888e0b8669d88433da
-
SHA256
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
SHA512
ffb2e678256ea987eb2c462df2bf4f4e04958bcd37d56a717290da6dc1c12061f84f8b6f303aa593191b15c463a4650962e1d0cadfca5f64b02c73af215cceb7
-
SSDEEP
3072:Rbud1LNTJc5Hm7Gs4V2GEl6pAT23tJ/NewSw7RkxmJZs:R4LVJom7DGndJ/EDGymI
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation