General

Target: 279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80
Size: 232KB
Sample: 221226-gbslksff7t
MD5: 1771c07026a2874ec2b2364ea82c460a
SHA1: d5fa05499777f0206a0a1180f3c2e481e6c2ea4d
SHA256: 279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80
SHA512: 78c594f2c4d8de0f5dace04e0be184040b585243092e71ebd705c056502fc008b9b45eff735fb6283f4e08379041d4719b3424fdf6cb536ea13f7a76e4484e11
SSDEEP: 3072:gkGUbxLk7u5RTewCiVvMwwF/VuiHoglS1g/tK8NwxgcPLrcSb54VIcVTuh:gWLk7pwuw4umtK8N1c7bIr
Static task: static1
Behavioral task: behavioral1
Sample: 279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Family: redline
Botnet: 11
C2: 79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204
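The extracted configuration is the actionable output of this report: one C2 endpoint and the bot's auth_value. The Python below is an example added by the editor; it is not part of the sandbox report or of the sandbox's own tooling. It parses the report's flattened "label line, value line" layout into IOCs, checks that each digest has the right length and is hex, checks that the Target name equals the SHA256, parses and range-checks the C2 endpoint, recomputes the hashes of a local byte string so a copy of the sample can be confirmed before anyone pivots on it, and prints a Suricata rule for the C2. The embedded REPORT text is copied from this page; the Suricata sid 9000001 and rule message are arbitrary assumptions; SSDEEP is not recomputed because that needs a library outside the standard library.

```python
import hashlib
import ipaddress
import re

# Fragments of this report's flattened text, copied from the page so the example runs offline.
REPORT = """\
General
-
Target
279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80
-
Size
232KB
-
MD5
1771c07026a2874ec2b2364ea82c460a
-
SHA1
d5fa05499777f0206a0a1180f3c2e481e6c2ea4d
-
SHA256
279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80
-
SHA512
78c594f2c4d8de0f5dace04e0be184040b585243092e71ebd705c056502fc008b9b45eff735fb6283f4e08379041d4719b3424fdf6cb536ea13f7a76e4484e11
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = set(HASH_LEN) | {"Target", "Size", "auth_value"}
C2_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")


def parse_c2(endpoint):
    """Split 'host:port', rejecting malformed addresses and out-of-range ports."""
    host, port = endpoint.rsplit(":", 1)
    ipaddress.ip_address(host)  # raises ValueError for anything that is not an IP literal
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return host, port


def parse_report(text):
    """Parse the 'label on one line, value on the next' layout, skipping '-' separators."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    iocs = {"hashes": {}, "c2": []}
    for i, line in enumerate(lines[:-1]):
        nxt = lines[i + 1]
        if line in HASH_LEN:
            iocs["hashes"][line] = nxt.lower()
        elif line == "Extracted":
            iocs["family"] = nxt
        elif line in LABELS:
            iocs[line.lower()] = nxt
    iocs["c2"] = [parse_c2(ln) for ln in lines if C2_RE.match(ln)]
    return iocs


def validate(iocs):
    """Return a list of consistency problems; an empty list means the record is usable."""
    problems = []
    for alg, digest in iocs["hashes"].items():
        if len(digest) != HASH_LEN[alg] or not re.fullmatch(r"[0-9a-f]+", digest):
            problems.append(f"{alg} is not a {HASH_LEN[alg]}-hex-char digest")
    if iocs.get("target", "").lower() != iocs["hashes"].get("SHA256"):
        problems.append("Target name does not match SHA256")
    return problems


def hashes_of(data):
    """Recompute the report's four digests for a local copy of the sample."""
    return {alg: hashlib.new(alg.lower(), data).hexdigest() for alg in HASH_LEN}


def mismatches(reported, computed):
    """Algorithms whose reported digest differs from the recomputed one."""
    return sorted(alg for alg in reported if alg in computed and reported[alg] != computed[alg])


def suricata_rule(host, port, sid, msg="RedLine C2 from extracted config"):
    # sid and msg are assumptions for illustration; pick values from your own rule range.
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"{msg}"; flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(iocs["family"], iocs["c2"], iocs.get("auth_value"))
    print("problems:", validate(iocs) or "none")
    for host, port in iocs["c2"]:
        print(suricata_rule(host, port, sid=9000001))
```

Before pivoting on the hashes, feed the bytes of the file you actually hold to hashes_of and compare with mismatches; an empty list means your copy is the file this report describes, and any non-empty list means you are looking at a different build and the C2 may differ.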
Targets

Target: 279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80

Detects Smokeloader packer
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Downloads MZ/PE file
Executes dropped EXE
Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler, not VBScript)
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext (rewriting another thread's context, the technique behind process hollowing)
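Three of the behavioral signatures above describe one execution chain that a host detection can match without sandbox instrumentation: a dropped EXE runs from a user-writable path, spawns the .NET compiler with no work to do, and rewrites a thread context in it. The Python below is an editor-added example, not code from the sandbox or from the RedLine analysis; it runs the corresponding rules over constructed process-creation events. Assumptions: the "VBS compiler" signature refers to vbc.exe, the chaining of a dropped EXE to an argument-less compiler is what SetThreadContext plus a vbc.exe launch jointly indicate (the report does not state the injection target), the event shape and paths are invented, and the list of legitimate compiler parents is a starting allowlist that a real environment will need to extend.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (constructed; field names are this example's, not Sysmon's)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Directories an unprivileged user can write to; an EXE launched from one is a dropped-payload candidate.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\", "\\users\\public\\")
# Parents that legitimately spawn the .NET command-line compilers (assumed allowlist, extend per site).
BUILD_HOSTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe"}
COMPILERS = {"vbc.exe", "csc.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def dropped_exe(ev):
    """'Executes dropped EXE' approximation: an .exe image running from a user-writable location."""
    image = ev.image.lower()
    return image.endswith(".exe") and any(d in image for d in USER_WRITABLE)


def compiler_without_source(ev, parent):
    """'Uses the VBS compiler for execution': vbc.exe/csc.exe started outside a build tool with no
    source file, switch or response file on its command line, i.e. started only to be a host process."""
    if basename(ev.image) not in COMPILERS:
        return False
    if parent is not None and basename(parent.image) in BUILD_HOSTS:
        return False
    args = ev.cmdline.split()[1:]
    legit = any(a.lower().endswith((".vb", ".cs", ".vbproj", ".csproj")) or a[0] in "/-@" for a in args)
    return not legit


def detect(events):
    """Return {(pid, rule_name)} for every event that matches a rule."""
    by_pid = {e.pid: e for e in events}
    findings = set()
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if dropped_exe(ev):
            findings.add((ev.pid, "dropped_exe_executed"))
        if compiler_without_source(ev, parent):
            findings.add((ev.pid, "compiler_used_as_host"))
            # A dropped EXE spawning an idle compiler is the shape process hollowing takes; this
            # chaining is an assumption about what the sandbox's two signatures jointly indicate.
            if parent is not None and dropped_exe(parent):
                findings.add((ev.pid, "hollowing_chain_from_dropped_exe"))
    return findings


# Constructed events: one malicious chain (pids 100 -> 200), one legitimate build (500 -> 300), one benign process.
EVENTS = [
    ProcEvent(42, 1, r"C:\Windows\explorer.exe", r"explorer.exe"),
    ProcEvent(100, 42,
              r"C:\Users\victim\Downloads\279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80.exe",
              r"279ecacaf6084caf1182f157dae2ed79b2d3090cb74c89c990c912aecfe12c80.exe"),
    ProcEvent(200, 100, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe", r"vbc.exe"),
    ProcEvent(500, 42, r"C:\Program Files\Microsoft Visual Studio\MSBuild\Current\Bin\MSBuild.exe",
              r"msbuild.exe app.vbproj"),
    ProcEvent(300, 500, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
              r"vbc.exe /noconfig @C:\build\app.rsp"),
    ProcEvent(400, 42, r"C:\Windows\System32\notepad.exe", r"notepad.exe"),
]

if __name__ == "__main__":
    for pid, rule in sorted(detect(EVENTS)):
        print(pid, rule)
```

The compiler rule is deliberately keyed on the absence of work rather than on a parent blocklist: a compiler with no source file, no switch and no response file has nothing to compile, which is exactly the state a hollowed vbc.exe is in when the stealer's code replaces its image.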
MITRE ATT&CK Matrix (tactic columns only: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation)