General
Target: 1b5d90a6503efeece07b90f7c482bc754460f77f4357d2aca27a8b92a97514c8
Size: 244KB
Sample: 210919-wvgezscda2
MD5: 4562aeca8c423018ca7939ec51c7d854
SHA1: dcaa06425f7eac665d008ce58b05052a84bb95b0
SHA256: 1b5d90a6503efeece07b90f7c482bc754460f77f4357d2aca27a8b92a97514c8
SHA512: b3beac00c99439369a4906808d1ded8614dd3c6fc1256a3c96d9469a78820aab58d2c884e62562e45ce97fa857581312daf6665b9d107f2390de12ec9ff3b92f
Static task: static1
Malware Config
Extracted: smokeloader
  2020
  http://venerynnet1.top/
  http://kevonahira2.top/
  http://vegangelist3.top/
  http://kingriffaele4.top/
  http://arakeishant5.top/
Extracted: redline
  UDP
  45.9.20.20:13441
Extracted: redline
  @Apafanaell
  45.81.225.228:10774
Targets
Target: 1b5d90a6503efeece07b90f7c482bc754460f77f4357d2aca27a8b92a97514c8
Size: 244KB
MD5: 4562aeca8c423018ca7939ec51c7d854
SHA1: dcaa06425f7eac665d008ce58b05052a84bb95b0
SHA256: 1b5d90a6503efeece07b90f7c482bc754460f77f4357d2aca27a8b92a97514c8
SHA512: b3beac00c99439369a4906808d1ded8614dd3c6fc1256a3c96d9469a78820aab58d2c884e62562e45ce97fa857581312daf6665b9d107f2390de12ec9ff3b92f
Signatures
- Modifies security service
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext