General

Target: bab4569b91afc1b8e96f1f39708c41bd.exe
Size: 3.9MB
Sample: 211022-xcb8zschdq
MD5: bab4569b91afc1b8e96f1f39708c41bd
SHA1: fa6afc54f0e7a0a8a0477d9ac7a18334dc4814d5
SHA256: 4cd754af5d3b9faa7e9626f79fccc35464224247a10f4d01ef502a0423e637a7
SHA512: 2eb453d3d0e6eb44bb3bd339186bf8ba36252a88b4893ce3112fff12a2108573577f20862294349be7a8b82ad0e26d9ede85d219a5fc08bd8f931fb580ec3a27

Static task: static1
Behavioral task: behavioral1
Sample: bab4569b91afc1b8e96f1f39708c41bd.exe
Resource: win7-en-20210920

Malware Config

Extracted: smokeloader
2020

Extracted: redline
she
135.181.129.119:4805

Extracted: vidar
41.5
937
https://mas.to/@xeroxxx
profile_id: 937

Targets

Target: bab4569b91afc1b8e96f1f39708c41bd.exe

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Socelars Payload

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

suricata: ET MALWARE Win32/Kryptik.HMCH Dropper User-Agent M1

suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin

Vidar Stealer

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.