General
- Target: b0fe18bb22689fb4fe51f4dc5122e31d.exe
- Size: 350KB
- Sample: 210421-wdjbvd9g9s
- MD5: b0fe18bb22689fb4fe51f4dc5122e31d
- SHA1: 9d6d249108d971a79a7f2b575ac33f6062db0d35
- SHA256: b33514e7b334b8aee694323114c7d2694f3cdb49c7614291ca8f064c23ff8542
- SHA512: 9ed0ec74b0cff542f0a4c94e8bd895d73471b631d06338eddaaa6b10d62d38c02d7d951bf052d5fc7f86ee82bef625965a20933c3f64516b6d901e24b144e116
Static task
- static1
Behavioral task
- behavioral1: sample b0fe18bb22689fb4fe51f4dc5122e31d.exe, resource win7v20210410
- behavioral2: sample b0fe18bb22689fb4fe51f4dc5122e31d.exe, resource win10v20210408
Malware Config
Extracted: asyncrat
- aes_key:
- anti_detection:
- autorun:
- bdos:
- delay:
- host:
- hwid: Write
- install_file:
- install_folder: 9wtf8vJWrK9n5Pvmm3.PdjESA4ZeMeJJbLWA4
- mutex:
- pastebin_config:
- port:
- version:
Extracted: smokeloader 2020
- C2: http://greenco2020.top/
- C2: http://greenco2021.top/
- C2: http://greenco2022.top/
Targets
- Target: b0fe18bb22689fb4fe51f4dc5122e31d.exe (size and hashes as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Async RAT payload
- Nirsoft
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext (rewriting a suspended thread's context is the step used by process hollowing and similar injection techniques to redirect execution into injected code)
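As an added example, not part of the sandbox report and not code from any of the malware families named above, the following Python turns the indicators on this page (the sample SHA256 and the three SmokeLoader C2 URLs from the extracted config) and the "Adds Run key to start application" signature into offline hunting checks. The proxy log lines, Sysmon records and file inventory are constructed for the example; the placement of the AsyncRAT install folder under %AppData% is an assumption, since the report gives only the folder name.

```python
# Added example (not from the report): turn the indicators above into
# offline hunting checks. All log lines and inventory entries are constructed.
import re
from urllib.parse import urlparse

# Indicators copied from the report.
SAMPLE_SHA256 = "b33514e7b334b8aee694323114c7d2694f3cdb49c7614291ca8f064c23ff8542"
SMOKELOADER_C2_URLS = [
    "http://greenco2020.top/",
    "http://greenco2021.top/",
    "http://greenco2022.top/",
]


def c2_hosts(urls):
    """Normalise the C2 URLs to a set of lowercase hostnames for exact matching."""
    return {urlparse(u).hostname.lower() for u in urls}


C2_HOSTS = c2_hosts(SMOKELOADER_C2_URLS)

# Constructed Squid native access-log lines (not from the report):
# timestamp elapsed client status/code bytes method URL user hierarchy type
PROXY_LOG = """\
1618999201.123 120 10.0.0.15 TCP_MISS/200 512 POST http://greenco2021.top/ - HIER_DIRECT/203.0.113.9 text/html
1618999202.456 80 10.0.0.15 TCP_MISS/200 2048 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html
1618999203.789 150 10.0.0.22 TCP_MISS/404 300 GET http://greenco2020.top.example.net/x - HIER_DIRECT/198.51.100.7 text/html
1618999204.000 130 10.0.0.31 TCP_MISS/200 700 POST http://GREENCO2022.TOP/ - HIER_DIRECT/203.0.113.10 text/html
"""


def find_c2_traffic(log_text, hosts=C2_HOSTS):
    """Return (client_ip, host) for every request whose hostname is exactly a C2 host.

    Matching the parsed hostname rather than a substring of the line keeps a
    look-alike such as greenco2020.top.example.net from counting as a hit.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        host = urlparse(fields[6]).hostname
        if host and host.lower() in hosts:
            hits.append((fields[2], host.lower()))
    return hits


# Constructed Sysmon records (EventID 13 = registry value set, 12 = key create/delete).
# The folder name is the install_folder from the extracted config; its location
# under AppData is assumed for the example.
SYSMON_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Roaming\9wtf8vJWrK9n5Pvmm3.PdjESA4ZeMeJJbLWA4\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Roaming\9wtf8vJWrK9n5Pvmm3.PdjESA4ZeMeJJbLWA4\svc.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fake",
     "Details": ""},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


def find_run_key_persistence(events):
    """Flag Run/RunOnce value writes, the behaviour behind 'Adds Run key'.

    Returns (target_value, payload, user_writable): a payload living under a
    user-writable directory is the higher-confidence case for dropped malware.
    Key create/delete events (ID 12) are ignored; only value writes (ID 13) count.
    """
    flagged = []
    for ev in events:
        if ev["EventID"] != 13 or not RUN_KEY_RE.search(ev["TargetObject"]):
            continue
        user_writable = bool(USER_WRITABLE_RE.search(ev["Details"]))
        flagged.append((ev["TargetObject"], ev["Details"], user_writable))
    return flagged


# Constructed EDR file inventory: (path, sha256). The first hash is a placeholder.
INVENTORY = [
    (r"C:\Windows\System32\notepad.exe", "0" * 64),
    (r"C:\Users\victim\Downloads\invoice.exe", SAMPLE_SHA256.upper()),
]


def find_known_sample(inventory, sha256=SAMPLE_SHA256):
    """Return paths whose hash equals the report's SHA256, case-insensitively."""
    return [path for path, digest in inventory if digest.lower() == sha256.lower()]


if __name__ == "__main__":
    print("C2 hits:", find_c2_traffic(PROXY_LOG))
    print("Run-key writes:", find_run_key_persistence(SYSMON_EVENTS))
    print("Known sample on disk:", find_known_sample(INVENTORY))
```

Exact-host matching and case normalisation are the two details that matter in practice: tools that grep raw log lines for "greenco2020.top" will both miss upper-cased requests and mis-flag unrelated hosts that merely contain the string.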