General
Target: ea39394d818d5df776aced83ce237776741656639b3ecc2c43dda511aa7dd486
Size: 243KB
Sample: 210919-s77wxscbd3
MD5: 82bb4b066a15d84a9d833961b53bdfdd
SHA1: 9edd98007dbd6337ac96621967c16fee27bfa7ec
SHA256: ea39394d818d5df776aced83ce237776741656639b3ecc2c43dda511aa7dd486
SHA512: e4cb4bfe763b8aa8185cb06988e597172d722a10913afede98e90a6ec096f37aced38d7e22c696759cd178605e22189dba7fc7ba867ad5dd6529fc21c1c3a8cb
Static task: static1
Malware Config
Extracted
smokeloader
2020
http://venerynnet1.top/
http://kevonahira2.top/
http://vegangelist3.top/
http://kingriffaele4.top/
http://arakeishant5.top/
Extracted
redline
UDP
45.9.20.20:13441
Targets
Target: ea39394d818d5df776aced83ce237776741656639b3ecc2c43dda511aa7dd486
Size: 243KB
MD5: 82bb4b066a15d84a9d833961b53bdfdd
SHA1: 9edd98007dbd6337ac96621967c16fee27bfa7ec
SHA256: ea39394d818d5df776aced83ce237776741656639b3ecc2c43dda511aa7dd486
SHA512: e4cb4bfe763b8aa8185cb06988e597172d722a10913afede98e90a6ec096f37aced38d7e22c696759cd178605e22189dba7fc7ba867ad5dd6529fc21c1c3a8cb
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext