General
Target: e00ee2b99a1b73170abfc6f2b6006859.bin
Size: 133KB
Sample: 230123-l3crnacg79
MD5: e308c78743fd9ac7f8aed0fcf589d341
SHA1: a2feb0f93dcc46e24ee107993488b31cde51bb3c
SHA256: 1a47b3bcc6e13043d56a2eca93f89c5abd6b75b1a31eeb0e04e7358edd4409a0
SHA512: e17dea446999f60b90088c6f780ce8fc18de43e2d7c93b923f949a163dfb017b4b2f48946d2d6afceda473e91d451433af50441595f8e62ebd60e81754270959
SSDEEP: 3072:u2PZM8xXT6MaeY/x4342gPNChc+m50+mD5WBG/sOL4LV2:lZNj677x4DcwDgBG/nL4Q
Static task: static1
Behavioral task: behavioral1
Sample: 89fcd985190ac07b1f244e1b372c0ef9b5a18f4bcffeac8b559f2db6affabdcf.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 89fcd985190ac07b1f244e1b372c0ef9b5a18f4bcffeac8b559f2db6affabdcf.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: vidar
2.1
237
https://t.me/jetbim2
https://steamcommunity.com/profiles/76561199471266194
profile_id: 237
Extracted: redline
anydesk-usa
89.163.146.82:25313
auth_value: 3048255396a3eb3d3aa36222e7cab88d
Targets
Target: 89fcd985190ac07b1f244e1b372c0ef9b5a18f4bcffeac8b559f2db6affabdcf.exe
Size: 210KB
MD5: e00ee2b99a1b73170abfc6f2b6006859
SHA1: b0051063d3c2d31496a749651ab51dcf20311e9d
SHA256: 89fcd985190ac07b1f244e1b372c0ef9b5a18f4bcffeac8b559f2db6affabdcf
SHA512: c854152f3f2688b4786ae7cc86800d8fa61ef3c085faa7f5e9dd3a8431083d04e1356b6b685acefcaca2454aade965fb0214d151c34c0e30e47a772e82688800
SSDEEP: 3072:GXDbSdwTyJuW35s4xAZFDItQC6tgb2OtxWWrwapb:uKrJuWN+WWtgbVjp
Detects Smokeloader packer
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext