General
Target: 6ea12df430364986e22d11e6793a493b.exe
Size: 195KB
Sample: 230123-kbvbyseb5s
MD5: 6ea12df430364986e22d11e6793a493b
SHA1: 075f0b6c0f9e9c3a2d5988535b83ce625eba9e86
SHA256: fe47d357dda7d18ae16d0c1dc046375d332d8aa1b373c9d37d97e2e6a8b50b0d
SHA512: ec22105faf9ec8fcb018f778a1dfc7b085f8b39ebf957dcd5a5547de2826e5409cffb2b10f9ee5fd362fd07284910319a2161b31f836dd4e55b9ee90805aa8ef
SSDEEP: 3072:JBN0XCo3pTLT0FFbcEqjO5k3AyVNCLZp2ie9Dq1oFNKj4ygN9a9VUH4fNN:PinLYoEqjYZX14ggqa
Tasks
Static task: static1
Behavioral task: behavioral1 (sample 6ea12df430364986e22d11e6793a493b.exe, resource win7-20220812-en)
Behavioral task: behavioral2 (sample 6ea12df430364986e22d11e6793a493b.exe, resource win10v2004-20221111-en)
Malware Config
Extracted: Vidar
Version: 2.1
Botnet: 237
C2: https://t.me/jetbim2
C2: https://steamcommunity.com/profiles/76561199471266194
Attributes: profile_id = 237
Note: the two Vidar "C2" entries are dead-drop resolvers rather than the stealer's own server. Vidar reads its live C2 address from a text field of the Telegram channel preview and the Steam profile, so the addresses above identify the campaign but the network indicator to block is only obtained by resolving them.
Extracted: RedLine
Botnet: anydesk-usa
C2: 89.163.146.82:25313
Attributes: auth_value = 3048255396a3eb3d3aa36222e7cab88d
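Resolving the Vidar dead drops above is something a triage analyst does by hand when the sandbox only reports the profile URLs. The following is an added example of that step, written for this page and not code from the sandbox or from the malware: it pulls the text of the fields Vidar is known to read from and extracts URL or ip:port tokens from them. The HTML pages are constructed for the example (the addresses in them are documentation-range placeholders, not real indicators), and the CSS class names used to locate the fields (`tgme_page_title` / `tgme_page_description` on t.me previews, `actual_persona_name` / `profile_summary` on Steam profiles) are assumptions about the page markup that should be checked against a live fetch.

```python
"""Resolve Vidar-style dead-drop pages (Telegram preview, Steam profile) to C2 candidates.

Added example; not the sandbox's code and not Vidar's. Field class names are
assumptions about the page markup, and the sample HTML below is constructed.
"""
import re
from html.parser import HTMLParser

DEAD_DROPS = [
    "https://t.me/jetbim2",
    "https://steamcommunity.com/profiles/76561199471266194",
]

# Page fields to inspect, keyed by dead-drop host. ASSUMED class names.
FIELD_CLASSES = {
    "t.me": {"tgme_page_title", "tgme_page_description"},
    "steamcommunity.com": {"actual_persona_name", "profile_summary"},
}

# Anything that looks like a URL or an ip[:port]; Vidar has wrapped the C2 in
# marker characters in the past, so we match tokens rather than whole fields.
C2_TOKEN = re.compile(
    r"(?:https?://[\w.-]+(?::\d{1,5})?(?:/[\w./-]*)?)"
    r"|(?:\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b)"
)


class FieldGrabber(HTMLParser):
    """Collect the visible text of every element carrying one of `wanted` classes."""

    def __init__(self, wanted):
        super().__init__()
        self.wanted = wanted
        self.depth = 0      # > 0 while inside a wanted element (nested tags counted)
        self.fields = []
        self._buf = []

    def handle_starttag(self, tag, attrs):
        classes = set((dict(attrs).get("class") or "").split())
        if self.depth or classes & self.wanted:
            self.depth += 1

    def handle_endtag(self, tag):
        if self.depth:
            self.depth -= 1
            if self.depth == 0:
                self.fields.append("".join(self._buf).strip())
                self._buf = []

    def handle_data(self, data):
        if self.depth:
            self._buf.append(data)


def resolve(dead_drop_url, html):
    """Return the ordered, de-duplicated C2 candidates found in the wanted fields."""
    host = re.match(r"https?://([^/]+)", dead_drop_url)
    grabber = FieldGrabber(FIELD_CLASSES.get(host.group(1) if host else "", set()))
    grabber.feed(html)
    found = []
    for text in grabber.fields:
        for match in C2_TOKEN.finditer(text):
            token = match.group(0).rstrip("/")
            if token not in found:
                found.append(token)
    return found


# CONSTRUCTED pages standing in for a live fetch of the two dead drops.
SAMPLE_PAGES = {
    DEAD_DROPS[0]: """<html><head><title>Telegram: Contact @jetbim2</title></head>
<body><div class="tgme_page_title"><span dir="auto">jetbim2</span></div>
<div class="tgme_page_description">http://198.51.100.23/</div>
<a class="tgme_action_button" href="tg://resolve?domain=jetbim2">Send Message</a>
</body></html>""",
    DEAD_DROPS[1]: """<html><body>
<div class="profile_header"><span class="actual_persona_name">http://203.0.113.7:80|</span></div>
<div class="profile_summary">Hello and welcome</div>
<a href="https://steamcommunity.com/profiles/76561199471266194/games">Games</a>
</body></html>""",
}


def resolve_all(pages=SAMPLE_PAGES):
    """Map each dead-drop URL to the C2 candidates its page yields."""
    return {url: resolve(url, html) for url, html in pages.items()}


if __name__ == "__main__":
    for url, c2s in resolve_all().items():
        print(url, "->", c2s)
```

Only the named fields are scanned, so the Steam "Games" link and the Telegram `tg://resolve` action are not reported as C2 candidates; widen `FIELD_CLASSES` if a live page places the address elsewhere.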
Targets
Target: 6ea12df430364986e22d11e6793a493b.exe (195KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: enumerates the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
- Suspicious use of SetThreadContext: the API is benign on its own; it is flagged because setting the thread context of another process, after that process was created suspended and had memory written into it, is the process-hollowing pattern. Check which child process received the context and what was written into it before treating that child as the stealer payload.
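The signatures above are each a small rule over the sample's API and registry activity. As an added example (not the sandbox's own signature engine), the code below runs equivalent rules over a constructed API trace: a geofence lookup, Uninstall-key enumeration, a wallet file read, a dropped file executed, and the create-suspended / write / SetThreadContext / resume sequence that distinguishes process hollowing from an innocent SetThreadContext call. The trace format (one dict per event), the process IDs and the file paths are all constructed for the example; the registry paths are the ones such checks are commonly keyed on.

```python
"""Re-derive the behavioural signatures from an API trace.

Added example, not the sandbox's implementation. TRACE is constructed; the
event fields (api, path, target, flags, child_pid, target_pid, write) are an
assumed normalised shape, not a real sandbox's export format.
"""

CREATE_SUSPENDED = 0x00000004
# Order the hollowing steps must occur in against one suspended child.
HOLLOW_SEQ = ("NtWriteVirtualMemory", "SetThreadContext", "NtResumeThread")
# Path fragments (lower-case) that indicate wallet access.
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\keystore", "wallet.dat")

# CONSTRUCTED trace: pid 100 is the sample, pid 200 its hollowed child.
TRACE = [
    {"pid": 100, "api": "RegOpenKeyExW", "path": r"HKCU\Control Panel\International\Geo"},
    {"pid": 100, "api": "RegQueryValueExW", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 100, "api": "RegEnumKeyExW",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 100, "api": "CreateFileW", "path": r"C:\Users\u\AppData\Local\Temp\build.exe", "write": True},
    {"pid": 100, "api": "CreateProcessW", "target": r"C:\Users\u\AppData\Local\Temp\build.exe",
     "flags": 0, "child_pid": 150},
    {"pid": 100, "api": "CreateProcessW", "target": r"C:\Windows\System32\notepad.exe",
     "flags": CREATE_SUSPENDED, "child_pid": 200},
    {"pid": 100, "api": "NtWriteVirtualMemory", "target_pid": 200},
    {"pid": 100, "api": "NtWriteVirtualMemory", "target_pid": 200},
    {"pid": 100, "api": "SetThreadContext", "target_pid": 200},
    {"pid": 100, "api": "NtResumeThread", "target_pid": 200},
    {"pid": 200, "api": "CreateFileW",
     "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
]


def detect(trace):
    """Return {signature name: [evidence, ...]} for the signatures that fire."""
    hits = {}
    dropped = set()   # lower-cased paths the sample wrote to disk
    hollow = {}       # child pid -> index of the next expected HOLLOW_SEQ step

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in trace:
        api, path = ev["api"], ev.get("path", "")
        low = path.lower()
        if api.startswith("RegQueryValue") and low.endswith("\\international\\geo\\nation"):
            hit("Checks computer location settings", path)
        if api.startswith("Reg") and "\\currentversion\\uninstall" in low:
            hit("Checks installed software on the system", path)
        if api == "CreateFileW":
            if ev.get("write"):
                dropped.add(low)
            if any(marker in low for marker in WALLET_MARKERS):
                hit("Accesses cryptocurrency files/wallets", path)
        if api == "CreateProcessW":
            target = ev["target"]
            if target.lower() in dropped:
                hit("Executes dropped EXE", target)
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                hollow[ev["child_pid"]] = 0    # start watching this child
        elif api in HOLLOW_SEQ:
            child = ev.get("target_pid")
            # Advance only on the expected step; repeats (extra writes) are ignored,
            # and a SetThreadContext on a process we never saw created suspended
            # does not count.
            if child in hollow and HOLLOW_SEQ[hollow[child]] == api:
                hollow[child] += 1
                if hollow[child] == len(HOLLOW_SEQ):
                    hit("Suspicious use of SetThreadContext", child)
                    del hollow[child]
    return hits


if __name__ == "__main__":
    for name, evidence in detect(TRACE).items():
        print(f"{name}: {evidence}")
```

The hollowing rule is deliberately stateful: a lone `SetThreadContext` (debuggers, some installers) produces no hit, and the evidence it records is the child pid, which is the process to pull memory from for the real payload.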