General
- Target: pub2.exe
- Size: 283KB
- Sample: 210625-3vdj7v3wd6
- MD5: ba5f59b90d28e56e342eb5691116ed61
- SHA1: 324dcd1ae37439d190e042188eacbd574d32f101
- SHA256: df00279749a73b854f3d6415a49e7cd0ea507b69b510d7505f2ca7c908d25a4a
- SHA512: 4c2b6ea416373671ec163d890b70352ce1c382b18c3fd922872534344924f6d3707b9fb8ab289e3aa74432d56cfb94902b8c677f7c4ec7997f24406312dacc0b
Static task: static1
Behavioral task: behavioral1 (Sample: pub2.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: pub2.exe, Resource: win10v20210408)
Malware Config
Extracted: smokeloader
- 2020
- http://ppcspb.com/upload/
- http://mebbing.com/upload/
- http://twcamel.com/upload/
- http://howdycash.com/upload/
- http://lahuertasonora.com/upload/
- http://kpotiques.com/upload/
Extracted: redline
- sew
- 185.215.113.64:8765
Targets
- Target: pub2.exe
- Size: 283KB
- MD5: ba5f59b90d28e56e342eb5691116ed61
- SHA1: 324dcd1ae37439d190e042188eacbd574d32f101
- SHA256: df00279749a73b854f3d6415a49e7cd0ea507b69b510d7505f2ca7c908d25a4a
- SHA512: 4c2b6ea416373671ec163d890b70352ce1c382b18c3fd922872534344924f6d3707b9fb8ab289e3aa74432d56cfb94902b8c677f7c4ec7997f24406312dacc0b
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.