General
  Target: 47d6ed6eb2b930ec19fba5a5f4bdb632.bin
  Size: 201KB
  Sample: 230123-krzavace54
  MD5: c1d1f5b00cdaf0ea6626ea1dbe9e32c0
  SHA1: 382acef5e59882c4c97d3c88aad5484a8ec9003d
  SHA256: 14a07677c0415e1985bccd51338ecaa73c08b4be5173b543f53b600ea3409807
  SHA512: 80b4cf82c9987c4b5c2f07bb2e8ad2a11355aa84f4d6b27e22b531fa1f94ffbfab3abe732f8bcf9c54a49e96388772f361e1680a4e89dda9e9d2180282147b4a
  SSDEEP: 3072:22TyRq6bXC4GFi+dVq6LTry88TgHaNIyJEjHqKTQLqFJFdSLZMlHfdSwaiRKaidI:22TyA2XC9FZqO3yLQjGDHqdgZEHsbax
Static task
  static1

Behavioral task
  behavioral1
  Sample: 760eaa8737908a36b3530d765ccfa47e049abdb2f3d8a77f11eddeebdeabd60f.exe
  Resource: win7-20220901-en

Behavioral task
  behavioral2
  Sample: 760eaa8737908a36b3530d765ccfa47e049abdb2f3d8a77f11eddeebdeabd60f.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted
  vidar
  2.1
  237
  https://t.me/jetbim2
  https://steamcommunity.com/profiles/76561199471266194
  profile_id: 237

Extracted
  redline
  anydesk-usa
  89.163.146.82:25313
  auth_value: 3048255396a3eb3d3aa36222e7cab88d
Targets

Target: 760eaa8737908a36b3530d765ccfa47e049abdb2f3d8a77f11eddeebdeabd60f.exe
  Size: 291KB
  MD5: 47d6ed6eb2b930ec19fba5a5f4bdb632
  SHA1: 9c71877c95162d128fa0f41603f433b5fa2a3b9a
  SHA256: 760eaa8737908a36b3530d765ccfa47e049abdb2f3d8a77f11eddeebdeabd60f
  SHA512: 692efbfc3abd927ff6a5a9f0e286e2d4c4946ade03c66d42843e4108e1a927d1d49a643c4b70c66b4ccc44530cda70d3dd17dc1e50fbcd5c987d1e98c292274d
  SSDEEP: 6144:PCfW/LUkDQuABl5Z5XFhNm1vDhqYSlJZ9tzrSA3H:PSW/lD98tJFXADMVZ9P3

  Detects Smokeloader packer

  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  Executes dropped EXE

  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.

  Loads dropped DLL

  Accesses cryptocurrency files/wallets, possible credential harvesting

  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.

  Suspicious use of SetThreadContext