General
Target: 47c96fae088849b0688d8fb9b9bc912d.exe
Size: 194KB
Sample: 230123-khkfbseb7s
MD5: 47c96fae088849b0688d8fb9b9bc912d
SHA1: 3f7056c88cc969839da1bec05d5377e9a030710c
SHA256: 0d768d53c48bad8d7d80f7865d4037dcb695554d746cc47a088b4d82a0f2de26
SHA512: 178841cb476ff98cd866a0bec87b47b11483596b461ad4106da16061ff7eb3909543addd4c001bfc9df6c7072d8925447c59763fd65a507ed76fcbb1c75d248c
SSDEEP: 3072:PBN0XqPk+S8LWvFSS5pG9RBOh/dNOZMpp/6ayUfF6MK+uO/MG4Y:JiqLWNSUqRUHNTpp/oUfIL+uO//4
Static task: static1
Behavioral task: behavioral1
Sample: 47c96fae088849b0688d8fb9b9bc912d.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 47c96fae088849b0688d8fb9b9bc912d.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: vidar
2.1
237
https://t.me/jetbim2
https://steamcommunity.com/profiles/76561199471266194
profile_id: 237
Extracted: redline
anydesk-usa
89.163.146.82:25313
auth_value: 3048255396a3eb3d3aa36222e7cab88d
Targets
Target: 47c96fae088849b0688d8fb9b9bc912d.exe
Detects Smokeloader packer
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext