General
-
Target
704efe9ce9de3a92a96a16f2c820911462a86512c4ef1e7ba7c489ac6e908e54
-
Size
231KB
-
Sample
221225-x8cvdsca38
-
MD5
2db7bebba00ee118935f0d8b53f2728a
-
SHA1
0ffb01b108d6822595190332cf7bcef0c8453eaf
-
SHA256
704efe9ce9de3a92a96a16f2c820911462a86512c4ef1e7ba7c489ac6e908e54
-
SHA512
539b5a66f82708f43478c95c34f7f93f0d9bff24d37c3a353a6a3b0578e419a3f277f080b214fd834dba4a84588097d50fd5d357226834d3e928ac6fe4c0c783
-
SSDEEP
3072:0tBvLL6355KBoJ0aOUcJ2oJGYTB8IR5JlS1g/tK8MLrcSb54VIcVTuh:SLL66B1DbTB8IR53tK8ebIr
Static task
static1
Behavioral task
behavioral1
Sample
704efe9ce9de3a92a96a16f2c820911462a86512c4ef1e7ba7c489ac6e908e54.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
704efe9ce9de3a92a96a16f2c820911462a86512c4ef1e7ba7c489ac6e908e54
-
Size
231KB
-
MD5
2db7bebba00ee118935f0d8b53f2728a
-
SHA1
0ffb01b108d6822595190332cf7bcef0c8453eaf
-
SHA256
704efe9ce9de3a92a96a16f2c820911462a86512c4ef1e7ba7c489ac6e908e54
-
SHA512
539b5a66f82708f43478c95c34f7f93f0d9bff24d37c3a353a6a3b0578e419a3f277f080b214fd834dba4a84588097d50fd5d357226834d3e928ac6fe4c0c783
-
SSDEEP
3072:0tBvLL6355KBoJ0aOUcJ2oJGYTB8IR5JlS1g/tK8MLrcSb54VIcVTuh:SLL66B1DbTB8IR53tK8ebIr
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation