General
Target: fe19ca0e7a58af76deaf8136a332980d.exe
Size: 260KB
Sample: 211004-tfnjmsgfa4
MD5: fe19ca0e7a58af76deaf8136a332980d
SHA1: eb2db73c1d1a491c40b117c2cebda8487459d069
SHA256: a6e58febc0ae0db669343c61e926780b5c6c121aff886c8d5401ac5740025c45
SHA512: 5450eebfa571e2b32b7a9f587cc2fbec9fdb9f0bd71591d34126e3e09015180afb4789d830fd2359a252578ef5963ae15e673e28905cb2bd0acb02b334726696
Static task: static1
Behavioral task: behavioral1
  Sample: fe19ca0e7a58af76deaf8136a332980d.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: fe19ca0e7a58af76deaf8136a332980d.exe
  Resource: win10v20210408
Malware Config
Extracted: smokeloader
  2020
  http://fiskahlilian16.top/
  http://paishancho17.top/
  http://ydiannetter18.top/
  http://azarehanelle19.top/
  http://quericeriant20.top/
Extracted: raccoon
  5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
  url4cnc: https://t.me/agrybirdsgamerept
Extracted: redline
  Huntington Bank
  34.94.44.44:45181
Extracted: redline
  @big_tastyyy
  87.251.71.44:80
Extracted: raccoon
  61491ed5436f034714f70beac9b11914bfa969d2
  url4cnc: https://t.me/hdmiprapor
Targets
Target: fe19ca0e7a58af76deaf8136a332980d.exe (260KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext