General
-
Target
749FA83717A6BD29603A50A5DA3DB0B2.exe
-
Size
4.5MB
-
Sample
210701-l5lj3lb7jn
-
MD5
749fa83717a6bd29603a50a5da3db0b2
-
SHA1
e0c95ffba66e81b2ccc002222b38a23959830a00
-
SHA256
f27bfb9eecdf84fad6afec20037b2041c052d8b5cab29ac28ae143e611563202
-
SHA512
ee204504c6b7ffc2d0ff89204c7ecefc5824073ebae1a7d9d165678f96114f7172b52eda2791f4652b0eaad72ebaf93e8a1d9837fe79bb443d0d58988d58cee2
Static task
static1
Behavioral task
behavioral1
Sample
749FA83717A6BD29603A50A5DA3DB0B2.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
749FA83717A6BD29603A50A5DA3DB0B2.exe
Resource
win10v20210410
Malware Config
Extracted
redline
DomAni
ergerr3.top:80
Extracted
smokeloader
2020
http://ppcspb.com/upload/
http://mebbing.com/upload/
http://twcamel.com/upload/
http://howdycash.com/upload/
http://lahuertasonora.com/upload/
http://kpotiques.com/upload/
Targets
-
-
Target
749FA83717A6BD29603A50A5DA3DB0B2.exe
-
Size
4.5MB
-
MD5
749fa83717a6bd29603a50a5da3db0b2
-
SHA1
e0c95ffba66e81b2ccc002222b38a23959830a00
-
SHA256
f27bfb9eecdf84fad6afec20037b2041c052d8b5cab29ac28ae143e611563202
-
SHA512
ee204504c6b7ffc2d0ff89204c7ecefc5824073ebae1a7d9d165678f96114f7172b52eda2791f4652b0eaad72ebaf93e8a1d9837fe79bb443d0d58988d58cee2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-