General
Target: e5edbc2d1e96d694273619e7d88b22c2d0b2373179dd73d0534792df01d19ca7
Size: 292KB
Sample: 211015-eka2saaee5
MD5: 95d0ee800e702055e12e02c0d87d1648
SHA1: 7e443bf2cab72442c7e9b6c8759e3bd58823ee38
SHA256: e5edbc2d1e96d694273619e7d88b22c2d0b2373179dd73d0534792df01d19ca7
SHA512: 61015364cec9186f4b19312f9567f736fd96d8fe18a67347b3d3e73ae7b432fb591ca867cffb30401b02f3bb6f4f8699dd2d062247c9758008684aaac741b61b
Static task: static1
Behavioral task: behavioral1
Sample: e5edbc2d1e96d694273619e7d88b22c2d0b2373179dd73d0534792df01d19ca7.exe
Resource: win10-en-20211014
Malware Config

Extracted: smokeloader
Version: 2020
C2:
http://honawey7.top/
http://wijibui0.top/
http://hefahei6.top/
http://pipevai4.top/
http://nalirou7.top/

Extracted: raccoon
Version: 1.8.2
Botnet: fbe5e97e7d069407605ee9138022aa82166657e6
url4cnc:
http://telemirror.top/stevuitreen
http://tgmirror.top/stevuitreen
http://telegatt.top/stevuitreen
http://telegka.top/stevuitreen
http://telegin.top/stevuitreen
https://t.me/stevuitreen

Extracted: redline
Botnet: MegaProliv2
C2: 93.115.20.139:28978
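The extracted configuration contains three different kinds of network indicator: attacker-registered domains (the SmokeLoader C2 list and the Raccoon url4cnc mirrors, which the stealer fetches to learn its real C2 address), a RedLine IP:port socket, and a channel path on a shared legitimate service (t.me). A host-level block on t.me would hit every Telegram user, so that tier has to be matched on the full path. The following Python is an added example, not part of the report or of any of the three families' code: it normalises the indicators into those three tiers and sweeps constructed DNS, proxy and flow log lines. The log line format, the sample lines and the SHARED_SERVICES set are assumptions made for this example.

```python
"""Sweep constructed DNS/proxy/flow log lines for the C2 indicators above.

Added example, not part of the sandbox report or any of the three malware
families' code. The indicator strings are copied from the Malware Config
section; the log lines and their format are constructed for this example.
"""
from urllib.parse import urlsplit

# Extracted configuration, copied from the report.
EXTRACTED = {
    "smokeloader": [
        "http://honawey7.top/", "http://wijibui0.top/", "http://hefahei6.top/",
        "http://pipevai4.top/", "http://nalirou7.top/",
    ],
    # Raccoon "url4cnc": the stealer fetches these pages to learn its C2 address.
    "raccoon": [
        "http://telemirror.top/stevuitreen", "http://tgmirror.top/stevuitreen",
        "http://telegatt.top/stevuitreen", "http://telegka.top/stevuitreen",
        "http://telegin.top/stevuitreen", "https://t.me/stevuitreen",
    ],
    "redline": ["93.115.20.139:28978"],
}

# Shared, legitimate services (assumed set): never match on the bare host,
# only on the full path (here the Telegram channel name).
SHARED_SERVICES = {"t.me"}


def build_indicators(extracted):
    """Return {indicator: family} maps split into host, socket and URL-path tiers."""
    hosts, sockets, paths = {}, {}, {}
    for family, items in extracted.items():
        for item in items:
            if "://" not in item:                      # "ip:port" form
                host, _, port = item.partition(":")
                sockets[(host, int(port))] = family
                continue
            u = urlsplit(item)
            host = u.hostname.lower()
            if host in SHARED_SERVICES:
                paths[host + u.path] = family
            else:
                hosts[host] = family
    return hosts, sockets, paths


def sweep(log_lines, extracted=EXTRACTED):
    """Return (src_ip, family, matched_indicator) for each log line that hits.

    Constructed line formats (whitespace separated):
      <ts> dns   <src> <qname>
      <ts> proxy <src> <method> <url>
      <ts> flow  <src> <dst_ip>:<dst_port>
    """
    hosts, sockets, paths = build_indicators(extracted)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        kind, src = fields[1], fields[2]
        if kind == "dns":
            qname = fields[3].lower().rstrip(".")
            if qname in hosts:
                hits.append((src, hosts[qname], qname))
        elif kind == "proxy" and len(fields) >= 5:
            u = urlsplit(fields[4])
            host = (u.hostname or "").lower()
            key = host + u.path
            if host in hosts:
                hits.append((src, hosts[host], host))
            elif key in paths:
                hits.append((src, paths[key], key))
        elif kind == "flow":
            dst, _, port = fields[3].rpartition(":")
            if port.isdigit() and (dst, int(port)) in sockets:
                hits.append((src, sockets[(dst, int(port))], fields[3]))
    return hits


# Constructed sample telemetry: three true positives, two benign lines.
SAMPLE_LOG = [
    "2021-10-15T10:02:11Z dns 10.0.0.5 honawey7.top",
    "2021-10-15T10:02:12Z proxy 10.0.0.5 GET http://tgmirror.top/stevuitreen",
    "2021-10-15T10:02:13Z proxy 10.0.0.7 GET https://t.me/some_other_channel",
    "2021-10-15T10:02:14Z flow 10.0.0.5 93.115.20.139:28978",
    "2021-10-15T10:02:15Z flow 10.0.0.9 93.115.20.139:443",
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(*hit)
```

The benign t.me line and the 93.115.20.139:443 flow are deliberately not matched: the RedLine indicator is a socket, not a bare IP, and the Telegram host is only an indicator together with the channel path.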
Targets

Target: e5edbc2d1e96d694273619e7d88b22c2d0b2373179dd73d0534792df01d19ca7
Size: 292KB
MD5: 95d0ee800e702055e12e02c0d87d1648
SHA1: 7e443bf2cab72442c7e9b6c8759e3bd58823ee38
SHA256: e5edbc2d1e96d694273619e7d88b22c2d0b2373179dd73d0534792df01d19ca7
SHA512: 61015364cec9186f4b19312f9567f736fd96d8fe18a67347b3d3e73ae7b432fb591ca867cffb30401b02f3bb6f4f8699dd2d062247c9758008684aaac741b61b
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Turns off Windows Defender SpyNet reporting
Nirsoft
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
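"Turns off Windows Defender SpyNet reporting" corresponds to a write of 0 to the SpynetReporting value under HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet (or its Group Policy mirror under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet), Defender's cloud-protection (MAPS) setting; SubmitSamplesConsent in the same key controls automatic sample submission. The Python below is an added example, not from the report and not RedLine's code: it flags such writes in records shaped like Sysmon Event ID 13 (RegistryEvent, value set). The event dictionaries, the image paths and the trusted_images allowlist are constructed for the example and need tuning in a real estate. Sysmon records no registry reads, so the Uninstall-key enumeration listed above cannot be caught from the same telemetry.

```python
"""Flag writes that disable Windows Defender cloud (SpyNet/MAPS) reporting.

Added example for this report, not code from RedLine or from the sandbox.
Records are dictionaries shaped like Sysmon Event ID 13 (RegistryEvent,
value set) fields; the sample records below are constructed, not real logs.
"""
import re

# Live key and its Group Policy mirror, lower-cased for comparison.
SPYNET_KEYS = {
    r"hklm\software\microsoft\windows defender\spynet",
    r"hklm\software\policies\microsoft\windows defender\spynet",
}
# Value name -> data values that turn reporting off.
# SpynetReporting: 0 = off, 1 = basic, 2 = advanced.
# SubmitSamplesConsent: 2 = never send samples.
DISABLING_WRITES = {"spynetreporting": {0}, "submitsamplesconsent": {2}}

# Sysmon renders DWORD data as e.g. "DWORD (0x00000000)".
DWORD_RE = re.compile(r"^DWORD \((0x[0-9a-fA-F]{8})\)$")


def parse_dword(details):
    """Return the integer behind a Sysmon DWORD Details string, else None."""
    m = DWORD_RE.match(details.strip())
    return int(m.group(1), 16) if m else None


def is_spynet_tamper(event, trusted_images=()):
    """Return (image, value_name, data) if `event` is a value-set record that
    disables Defender cloud reporting from an untrusted image, else None."""
    if event.get("EventID") != 13:
        return None
    key, _, value_name = event["TargetObject"].lower().rpartition("\\")
    if key not in SPYNET_KEYS or value_name not in DISABLING_WRITES:
        return None
    data = parse_dword(event.get("Details", ""))
    if data not in DISABLING_WRITES[value_name]:
        return None
    image = event.get("Image", "")
    if image.lower() in {t.lower() for t in trusted_images}:
        return None          # assumed allowlist, e.g. a policy refresh applying the setting
    return image, value_name, data


def sweep_registry_events(events, trusted_images=()):
    """Return every tampering hit in `events`, in order."""
    hits = []
    for ev in events:
        hit = is_spynet_tamper(ev, trusted_images)
        if hit:
            hits.append(hit)
    return hits


# Constructed records: two tampering writes from a dropped binary, one benign
# write setting reporting to "advanced", one key-create event (ID 12), and one
# write by svchost.exe of the kind a Group Policy refresh produces.
DROPPED = r"C:\Users\alice\AppData\Local\Temp\update.exe"
SVCHOST = r"C:\Windows\System32\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet\SpynetReporting",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "Image": SVCHOST,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet\SpynetReporting",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 12, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet"},
    {"EventID": 13, "Image": SVCHOST,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\SpynetReporting",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for image, value, data in sweep_registry_events(SAMPLE_EVENTS, trusted_images=[SVCHOST]):
        print(f"{image} set {value} = {data}")
```

Without an allowlist the svchost.exe policy write is reported too; whether that is noise or a finding depends on whether Group Policy in the environment is expected to set this value, which is why the allowlist is a parameter rather than a constant.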