Overview

overview

10

Static

static

pub2.exe

windows7_x64

pub2.exe

windows10_x64

10

Resubmissions

25-06-2021 19:59

210625-3vdj7v3wd6 10

15-06-2021 12:05

210615-tqnz14t6fn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pub2.exe

  • Size

    283KB

  • Sample

    210625-3vdj7v3wd6

  • MD5

    ba5f59b90d28e56e342eb5691116ed61

  • SHA1

    324dcd1ae37439d190e042188eacbd574d32f101

  • SHA256

    df00279749a73b854f3d6415a49e7cd0ea507b69b510d7505f2ca7c908d25a4a

  • SHA512

    4c2b6ea416373671ec163d890b70352ce1c382b18c3fd922872534344924f6d3707b9fb8ab289e3aa74432d56cfb94902b8c677f7c4ec7997f24406312dacc0b

Score
10/10
redlinesmokeloadersewbackdoorbootkitinfostealerpersistencetrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://ppcspb.com/upload/

http://mebbing.com/upload/

http://twcamel.com/upload/

http://howdycash.com/upload/

http://lahuertasonora.com/upload/

http://kpotiques.com/upload/
rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

sew

C2

185.215.113.64:8765

Targets

    • Target

      pub2.exe

    • Size

      283KB

    • MD5

      ba5f59b90d28e56e342eb5691116ed61

    • SHA1

      324dcd1ae37439d190e042188eacbd574d32f101

    • SHA256

      df00279749a73b854f3d6415a49e7cd0ea507b69b510d7505f2ca7c908d25a4a

    • SHA512

      4c2b6ea416373671ec163d890b70352ce1c382b18c3fd922872534344924f6d3707b9fb8ab289e3aa74432d56cfb94902b8c677f7c4ec7997f24406312dacc0b

    Score
    10/10
    redlinesmokeloadersewbackdoorbootkitinfostealerpersistencetrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks