General
- Target: 2d10e11cf76770ce4a4941b7abd930008b79e18306478031df821ef9ae9d5b2e
- Size: 145KB
- Sample: 210926-hfvgeaeec4
- MD5: d37e1e3dd70bc0035c13ded75f27c930
- SHA1: 0e7f454578fb459f2afd7af721e844bf036597c3
- SHA256: 2d10e11cf76770ce4a4941b7abd930008b79e18306478031df821ef9ae9d5b2e
- SHA512: 381c9c9775bfbf9b82e034effe7d8b8d321d179d1eb34962d444e0fc1096df16d4301a91175bdee75bc8ed371636330634b9e56402234dccba5322055684f03e
Static task: static1
Behavioral task: behavioral1
- Sample: 2d10e11cf76770ce4a4941b7abd930008b79e18306478031df821ef9ae9d5b2e.exe
- Resource: win10-en-20210920
Malware Config
Extracted
smokeloader
2020
Extracted
redline
91.236.120.204:20853
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Deletes itself
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext