General
- Target: 3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
- Size: 232KB
- Sample: 221226-keytjscf44
- MD5: 5e584245a4447107219c48f4d9be90af
- SHA1: cef0260dca891d4de275c40f091d4fed1be2cd12
- SHA256: 3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
- SHA512: c0e4a1c1f8907ba0f6e9512d5d2685e3807582b3a4a2474a9d5173891587715b363597d659c551896093fa6bc94e22f1926f86b5f59bd46509e2991bbc4ea3ab
- SSDEEP: 3072:rNOU/Ll55hE37Bwg2PpDNj/hAvlS1g/tK8iHAaLrcSb54VIcVTuh:7LllE37Bw9xDfARtK8iHAsbIr
Static task: static1
Behavioral task: behavioral1
- Sample: 3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
- 11
- 79.137.202.18:45218
- auth_value: 107e09eee63158d2488feb03dac75204
Targets
- Target: 3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation