General
-
Target
42c7e0e48a3d7c575057835b5a0a1914.exe
-
Size
259KB
-
Sample
211023-2pypzacdf2
-
MD5
42c7e0e48a3d7c575057835b5a0a1914
-
SHA1
c6c74becdcb1cac408df8a1095e92f099f3670a9
-
SHA256
e3ed1dda5777f5cd585829d39bdcc898a2596dc5395ca7228b82226d183cf39c
-
SHA512
fe63edd5811aa382de164a931310b77a38ed21b4a1ed6810a5e83cd5e8ca1f24e7d31f20c95d7855a61c30fe5db3483ad677d634e25632aa7b5db559af6b5c38
Static task
static1
Behavioral task
behavioral1
Sample
42c7e0e48a3d7c575057835b5a0a1914.exe
Resource
win7-en-20210920
Malware Config
Extracted
smokeloader
2020
http://gejajoo7.top/
http://sysaheu9.top/
http://xacokuo8.top/
http://hajezey1.top/
Extracted
amadey
2.70
185.215.113.45/g4MbvE/index.php
Targets
-
-
Target
42c7e0e48a3d7c575057835b5a0a1914.exe
-
Size
259KB
-
MD5
42c7e0e48a3d7c575057835b5a0a1914
-
SHA1
c6c74becdcb1cac408df8a1095e92f099f3670a9
-
SHA256
e3ed1dda5777f5cd585829d39bdcc898a2596dc5395ca7228b82226d183cf39c
-
SHA512
fe63edd5811aa382de164a931310b77a38ed21b4a1ed6810a5e83cd5e8ca1f24e7d31f20c95d7855a61c30fe5db3483ad677d634e25632aa7b5db559af6b5c38
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-