General

Target: d05a0e9e76503d6b0353060083d4e409.exe
Size: 330KB
Sample: 230123-massvach33
MD5: d05a0e9e76503d6b0353060083d4e409
SHA1: a4f186c5f493f3a71185e5b4b2a5c0962ba0321e
SHA256: d490007cb5dcc0234f507f65dedd72886986141ed4922f038401ec1a4008aca1
SHA512: d582f05fde248fb2f776b67eb286c6bb0c7ba0bb218f6547c89fe6ca6b7fbc90a7ab9c81ba69b2de31ddc5a709f304e9658362ded3732bde9289e63f90c05b4a
SSDEEP: 6144:6fLLl2dT29+7FhAHHU9W9kSDJg8TEtQK/fu1d0FeXCmTbV:6fHlmTJ7FhX9cvNgZtQKXu1rC
Static task: static1

Behavioral task: behavioral1
  Sample: d05a0e9e76503d6b0353060083d4e409.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: d05a0e9e76503d6b0353060083d4e409.exe
  Resource: win10v2004-20221111-en
Malware Config

Extracted: vidar
  Version: 2.1
  Botnet: 237
  C2: https://t.me/jetbim2
  C2: https://steamcommunity.com/profiles/76561199471266194
  profile_id: 237
  Note: the Telegram channel and Steam profile are dead-drop resolvers, not the final C2. Vidar fetches these public pages and parses the live C2 address out of them, so blocking only these two URLs does not cover the operator's actual server, which can be rotated without touching the binary.

Extracted: redline
  Botnet: anydesk-usa
  C2: 89.163.146.82:25313
  auth_value: 3048255396a3eb3d3aa36222e7cab88d
Targets

Target: d05a0e9e76503d6b0353060083d4e409.exe
Size: 330KB
MD5: d05a0e9e76503d6b0353060083d4e409
SHA1: a4f186c5f493f3a71185e5b4b2a5c0962ba0321e
SHA256: d490007cb5dcc0234f507f65dedd72886986141ed4922f038401ec1a4008aca1
SHA512: d582f05fde248fb2f776b67eb286c6bb0c7ba0bb218f6547c89fe6ca6b7fbc90a7ab9c81ba69b2de31ddc5a709f304e9658362ded3732bde9289e63f90c05b4a
SSDEEP: 6144:6fLLl2dT29+7FhAHHU9W9kSDJg8TEtQK/fu1d0FeXCmTbV:6fHlmTJ7FhX9cvNgZtQKXu1rC
Signatures

Detects Smokeloader packer
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check: stealers of this kind commonly exit without running on machines whose locale matches an excluded region, so a sandbox configured with such a locale may see no malicious behaviour at all.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext
  Setting another thread's context from user mode is rarely done by legitimate software; together with the dropped executables above it is consistent with process hollowing or thread hijacking to run a payload inside a different process image.
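The behaviours and indicators in this report can be turned directly into host-side detection logic. The script below is an added example and is not code from the sandbox or from the report; it replays the signatures listed above as rules over a constructed API trace. The trace format (`pid|api|key=value|...`), the specific API names, the registry keys behind the location and installed-software checks (`Control Panel\International\Geo\Nation` and `...\CurrentVersion\Uninstall`) and the wallet directory names are all assumptions of the example, since the report names only the behaviours, not the exact objects the sample touched. Only the C2 address and the two Vidar dead-drop URLs are taken from the extracted configs on this page.

```python
"""Added example (not part of the sandbox report): replay the report's
signatures as detection rules over a constructed API trace."""
import re
from collections import defaultdict

# Indicators copied from the extracted configs above.
REDLINE_C2 = ("89.163.146.82", "25313")
VIDAR_DEAD_DROPS = (
    "https://t.me/jetbim2",
    "https://steamcommunity.com/profiles/76561199471266194",
)

# Assumed standard registry locations behind the two registry signatures;
# the report does not say which keys the sample actually read.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Assumed wallet directories; chosen for illustration only.
WALLET_PATH_RE = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Monero)\\", re.I)

# Constructed trace in a simplified "pid|api|k=v|k=v" form. pid 1000 plays the
# dropper, pid 1200 a child it hollowed, pid 2000 unrelated background noise.
SAMPLE_TRACE = [
    "1000|NtCreateFile|path=C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe",
    "1000|CreateProcessW|image=C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe",
    "1000|RegQueryValueExW|key=HKCU\\Control Panel\\International\\Geo\\Nation",
    "1000|RegEnumKeyExW|key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1000|SetThreadContext|target_pid=1200",
    "1200|connect|ip=89.163.146.82|port=25313",
    "1200|InternetOpenUrlW|url=https://steamcommunity.com/profiles/76561199471266194",
    "1200|NtCreateFile|path=C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "2000|connect|ip=203.0.113.7|port=443",  # benign-looking noise, must not fire
]


def parse_event(line):
    """Split one trace line into (pid, api, {arg: value})."""
    pid, api, *rest = line.split("|")
    return int(pid), api, dict(field.split("=", 1) for field in rest)


def triage(trace):
    """Return {signature name: sorted pids} for every rule that fired."""
    hits = defaultdict(set)
    created_files = defaultdict(set)  # pid -> lower-cased paths it touched
    for line in trace:
        pid, api, args = parse_event(line)
        if api == "NtCreateFile":
            path = args.get("path", "")
            created_files[pid].add(path.lower())  # candidate dropped file
            if WALLET_PATH_RE.search(path):
                hits["Accesses cryptocurrency files/wallets"].add(pid)
        elif api == "CreateProcessW":
            image = args.get("image", "").lower()
            # "dropped" = an .exe some traced process wrote before it was run
            if image.endswith(".exe") and any(image in p for p in created_files.values()):
                hits["Executes dropped EXE"].add(pid)
        elif api.startswith("RegQueryValueEx") and GEO_KEY_RE.search(args.get("key", "")):
            hits["Checks computer location settings"].add(pid)
        elif api.startswith("RegEnumKeyEx") and UNINSTALL_KEY_RE.search(args.get("key", "")):
            hits["Checks installed software on the system"].add(pid)
        elif api == "SetThreadContext":
            hits["Suspicious use of SetThreadContext"].add(pid)
        elif api == "connect" and (args.get("ip"), args.get("port")) == REDLINE_C2:
            hits["RedLine C2 contact"].add(pid)
        elif api.startswith("InternetOpenUrl") and args.get("url") in VIDAR_DEAD_DROPS:
            hits["Vidar dead-drop resolver contact"].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


if __name__ == "__main__":
    for name, pids in triage(SAMPLE_TRACE).items():
        print(f"{name:45s} pids={pids}")
```

The dead-drop rule deserves a caveat: a hit on the Steam or Telegram URL only tells you the resolver was fetched, and the real C2 must still be pulled from the page body or from the subsequent outbound connection, which is why the RedLine address is matched as an exact ip:port pair while the Vidar indicators are matched as URLs.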