General
- Target: ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51
- Size: 337KB
- Sample: 211025-c9zqbsgdgj
- MD5: 4c5976903900fe29fa50510851c8cf86
- SHA1: bf4743d9aa89c8fedf17a70a0ecd12d74229b0b4
- SHA256: ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51
- SHA512: ba8c2239c8411f6aeb9b24c71dc1005a04ff45ad14a4e0e24c195b5e26f028744035ac40d5685dbfcda70e55c030731ab1d91254aa8a8467b1d3d4bf707333bd
Static task: static1
Behavioral task: behavioral1
- Sample: ae058d26ca4c89de15531974144236ecc91d10e104712a03fdb5df2b6d38db51.exe
- Resource: win10-en-20211014
Malware Config
Extracted: smokeloader
2020
http://xacokuo8.top/
http://hajezey1.top/
Extracted: raccoon
7ebf9b416b72a203df65383eec899dc689d2c3d7
url4cnc:
http://telegatt.top/agrybirdsgamerept
http://telegka.top/agrybirdsgamerept
http://telegin.top/agrybirdsgamerept
https://t.me/agrybirdsgamerept
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext