redline | d74a07eeb26faeed4799f582bcb3c22ba985cc7bf21685d3b6e37aa694a72d97 | Triage

Submit
Reports

Overview

overview

Static

static

2A0A05BCAE...69.exe

windows7_x64

2A0A05BCAE...69.exe

windows10_x64

Sharing

General

Target

2A0A05BCAE0114F543206ED1A81A8C69.exe
Size

1.5MB
Sample

210731-8t7j6gksse
MD5

2a0a05bcae0114f543206ed1a81a8c69
SHA1

0e6b17c5c3dcab55697b4589e8a239961fac9ed0
SHA256

d74a07eeb26faeed4799f582bcb3c22ba985cc7bf21685d3b6e37aa694a72d97
SHA512

5aaee090fc713af1add2a040bb6cfdde26650c6991249d7cfe94bfdb04e5a9a65f2ede7db317a2eb67e0763a097c997612fbef2c9829053e81bb6d9afe97f9cb

Score

10^/10

redline smokeloader sewpalpadin aspackv2 backdoor discovery evasion infostealer persistence suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

2A0A05BCAE0114F543206ED1A81A8C69.exe

Resource

win7v20210408

redline smokeloader sewpalpadin aspackv2 backdoor discovery evasion infostealer persistence suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2A0A05BCAE0114F543206ED1A81A8C69.exe

Resource

win10v20210410

smokeloader aspackv2 backdoor evasion trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

SewPalpadin

C2

185.215.113.114:8887

Targets

- Target
  
  2A0A05BCAE0114F543206ED1A81A8C69.exe
- Size
  
  1.5MB
- MD5
  
  2a0a05bcae0114f543206ed1a81a8c69
- SHA1
  
  0e6b17c5c3dcab55697b4589e8a239961fac9ed0
- SHA256
  
  d74a07eeb26faeed4799f582bcb3c22ba985cc7bf21685d3b6e37aa694a72d97
- SHA512
  
  5aaee090fc713af1add2a040bb6cfdde26650c6991249d7cfe94bfdb04e5a9a65f2ede7db317a2eb67e0763a097c997612fbef2c9829053e81bb6d9afe97f9cb
Score

10^/10

redline smokeloader sewpalpadin aspackv2 backdoor discovery evasion infostealer persistence suricata trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
  suricata
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

File Permissions Modification

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesmokeloadersewpalpadinaspackv2backdoordiscoveryevasioninfostealerpersistencesuricatatrojan

behavioral2

smokeloaderaspackv2backdoorevasiontrojan

© 2018-2024

Terms | Privacy