General
-
Target
SecuriteInfo.com.W32.AIDetect.malware1.32537.18714
-
Size
336KB
-
Sample
211010-1tc4dsgben
-
MD5
435d4757bcfe29c1f1ea289a2566a3ed
-
SHA1
105406f798f7b8a0b8532a64ad9061e5ae447cdc
-
SHA256
56ae4932aafb8ed85c51038e2f003e829addf08a197890c8989bf0bdc51e7f49
-
SHA512
8b91b78ad5893a0f2a0a0f4f2c99e061a659c5a534daa1e5d23c1f0af861d38cd05e6c9e0e50474106d8fb61e6e10a14025dd3f4d540ef1e67bd9a6edb1622bb
Malware Config
Extracted
smokeloader
2020
http://gmpeople.com/upload/
http://mile48.com/upload/
http://lecanardstsornin.com/upload/
http://m3600.com/upload/
http://camasirx.com/upload/
Extracted
redline
new
45.9.20.107:46187
Extracted
redline
New1
45.140.146.88:57313
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetect.malware1.32537.18714
-
Size
336KB
-
MD5
435d4757bcfe29c1f1ea289a2566a3ed
-
SHA1
105406f798f7b8a0b8532a64ad9061e5ae447cdc
-
SHA256
56ae4932aafb8ed85c51038e2f003e829addf08a197890c8989bf0bdc51e7f49
-
SHA512
8b91b78ad5893a0f2a0a0f4f2c99e061a659c5a534daa1e5d23c1f0af861d38cd05e6c9e0e50474106d8fb61e6e10a14025dd3f4d540ef1e67bd9a6edb1622bb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-