General
Target: fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
Size: 230KB
Sample: 221226-lc1e2afh3z
MD5: db2733de17c0f4415fb9d0cd788c61f8
SHA1: 4652463e2b22e0a1d9d18ede3b3a4145cdccfac9
SHA256: fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
SHA512: 023233c85bb326452a5b1824eb22b81ffc792f26acb14d0ed434aa8ddedbd9ff0aa54bbdbcbb179ab98ea3b8f01820a66d73b19d9631dd727ac300805ba1a234
SSDEEP: 3072:N7tnLQGk5jcHEDcUvjCc+s1dRcyFxqKlS1g/tK8XlaLLrcSb54VIcVTuh:fL72dgkGc+sviax7tK81QbIr

Static task: static1
Behavioral task: behavioral1
Sample: fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb.exe
Resource: win10v2004-20221111-en

Malware Config
Extracted: redline
11
79.137.202.18:45218
auth_value: 107e09eee63158d2488feb03dac75204

Targets
Target: fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
Size: 230KB
MD5: db2733de17c0f4415fb9d0cd788c61f8
SHA1: 4652463e2b22e0a1d9d18ede3b3a4145cdccfac9
SHA256: fb64b7e890088c50c4d1209a0024177842684cec5c88051cf8d4a8f4ad737eeb
SHA512: 023233c85bb326452a5b1824eb22b81ffc792f26acb14d0ed434aa8ddedbd9ff0aa54bbdbcbb179ab98ea3b8f01820a66d73b19d9631dd727ac300805ba1a234
SSDEEP: 3072:N7tnLQGk5jcHEDcUvjCc+s1dRcyFxqKlS1g/tK8XlaLLrcSb54VIcVTuh:fL72dgkGc+sviax7tK81QbIr

- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext