General
Target: 70800F0E430D4C9AE411AA87EF26870D.exe
Size: 3.0MB
Sample: 210721-54lshnvdhx
MD5: 70800f0e430d4c9ae411aa87ef26870d
SHA1: ae3108303791bf71f3d8a22a81950f56d064ec60
SHA256: 242b050cc122233e783283296a736b689acfb116c68047c52252a012ba322499
SHA512: 1746b4407479ab721c7df75bce318fc0251154732e988bd92a65a686da20f71cd7f9705e5a37bf939f4aa5bc64a722b8a73465c58517dc254377a28d20ac2c4c
Static task: static1
Behavioral task: behavioral1 (Sample: 70800F0E430D4C9AE411AA87EF26870D.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: 70800F0E430D4C9AE411AA87EF26870D.exe, Resource: win10v20210410)
Malware Config
Extracted: smokeloader
Version: 2020
C2:
- http://conceitosseg.com/upload/
- http://integrasidata.com/upload/
- http://ozentekstil.com/upload/
- http://finbelportal.com/upload/
- http://telanganadigital.com/upload/
Extracted: redline
Botnet: AniNEW
C2: akedauiver.xyz:80
Extracted: vidar
Version: 39.6
Botnet: 933
C2: https://sslamlssa1.tumblr.com/
profile_id: 933
Extracted: redline
Botnet: 2007
C2: 37.1.219.52:6534
Targets
Target: 70800F0E430D4C9AE411AA87EF26870D.exe (3.0MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext