General
- Target: cd62e4fee322712a02787bcc881712ee41b99f8e8de3e425d90399bf5bf5fe75.exe
- Size: 145KB
- Sample: 210823-klb94t49vs
- MD5: a76ca993bfa88c55aade74519e1bf5e5
- SHA1: e99d9d5217ecab7b1de140f2dc0bf0a3f8747f25
- SHA256: cd62e4fee322712a02787bcc881712ee41b99f8e8de3e425d90399bf5bf5fe75
- SHA512: e6fc1428818f48d548e6a1d970ff7c4cf11e3f326f79c0416acd61fa2061b0c2285a502576ede678879c9b80410c9d5ae9451e83b2f3b09c6792d7f1e9e95ea6
Static task: static1
Behavioral task: behavioral1
- Sample: cd62e4fee322712a02787bcc881712ee41b99f8e8de3e425d90399bf5bf5fe75.exe
- Resource: win7v20210410
Malware Config
Extracted: smokeloader
- Version: 2020
- C2 URLs:
http://aucmoney.com/upload/
http://thegymmum.com/upload/
http://atvcampingtrips.com/upload/
http://kuapakualaman.com/upload/
http://renatazarazua.com/upload/
http://nasufmutlu.com/upload/
Extracted: redline
- Botnet: @soul3ss
- C2: 188.130.139.12:30376
Targets
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger