General
- Target: 3d054e3e93c3fccafea80b7e225da90d205282662800aec4624d0641631202b8
- Size: 262KB
- Sample: 211025-f3mzqsffa4
- MD5: 3ba0b3a3b6d2a66d507acb1f10a24434
- SHA1: 644a4f467c21f8693f7f3c8788360ac3df0fa525
- SHA256: 3d054e3e93c3fccafea80b7e225da90d205282662800aec4624d0641631202b8
- SHA512: dafa6f2a947598d690441bc418c06bc0c78b63787f189385c2e9b8d47ce4a3ccc7ae18c70c602c4582b15205ca8478ab88cdedcb344dc1ec3f5b0c22c3badc0d
Static task: static1
Behavioral task: behavioral1
- Sample: 3d054e3e93c3fccafea80b7e225da90d205282662800aec4624d0641631202b8.exe
- Resource: win10-en-20210920
Malware Config
Extracted: smokeloader
- Version: 2020
- C2: http://xacokuo8.top/
- C2: http://hajezey1.top/
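The extracted SmokeLoader configuration gives a responder two concrete network indicators (the C2 URLs) on top of the sample's file hashes. The block below is an added example, not part of the sandbox report or of any tool it names: a small Python IOC sweep that takes those URLs and hashes and scans log lines for them. It matches on the hostname rather than the full URL so that DNS queries hit as well as proxy requests, and compares hashes case-insensitively because EDR products often emit uppercase digests. The log lines in the block are constructed for illustration, and the regexes and function names are this example's own assumptions.

```python
"""IOC sweep for the indicators listed in this report.

Added example, not part of the sandbox report or of any tool it names.
The C2 URLs and hashes are copied from the report; the log lines are
constructed for illustration and the helper names are this example's own.
"""
import re
from urllib.parse import urlparse

# Indicators from the report: SmokeLoader C2 URLs and the sample's hashes.
C2_URLS = [
    "http://xacokuo8.top/",
    "http://hajezey1.top/",
]
SAMPLE_HASHES = {
    "md5": "3ba0b3a3b6d2a66d507acb1f10a24434",
    "sha1": "644a4f467c21f8693f7f3c8788360ac3df0fa525",
    "sha256": "3d054e3e93c3fccafea80b7e225da90d205282662800aec4624d0641631202b8",
}

# Constructed log lines (not from the report): proxy, DNS and EDR events.
SAMPLE_LOGS = [
    "2021-10-25T13:02:11Z proxy 10.0.0.5 GET http://xacokuo8.top/ 403 0",
    "2021-10-25T13:02:12Z dns query[A] hajezey1.top from 10.0.0.5",
    "2021-10-25T13:02:13Z proxy 10.0.0.5 GET http://example.org/index.html 200 5120",
    "2021-10-25T13:03:40Z edr file_create C:\\Users\\u\\AppData\\Local\\Temp\\a.exe "
    "sha256=3D054E3E93C3FCCAFEA80B7E225DA90D205282662800AEC4624D0641631202B8",
]

# A host-like token (optional scheme and port) that ends at '/', whitespace or EOL.
HOST_RE = re.compile(
    r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?::\d+)?(?=/|\s|$)", re.IGNORECASE
)
# Hex runs sized like MD5, SHA1 or SHA256 digests.
HASH_RE = re.compile(r"\b([0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})\b", re.IGNORECASE)


def c2_hosts(urls):
    """Hostnames of the C2 URLs, lower-cased, so DNS logs match as well as proxy URLs."""
    return {urlparse(u).hostname.lower() for u in urls}


def scan_line(line, hosts, hashes):
    """Return (indicator_type, value) hits found in one log line."""
    hits = []
    for m in HOST_RE.finditer(line):
        host = m.group(1).lower()
        if host in hosts:
            hits.append(("c2_host", host))
    for m in HASH_RE.finditer(line):
        digest = m.group(1).lower()
        if digest in hashes:
            hits.append(("sample_hash", digest))
    return hits


def scan_lines(lines, urls=C2_URLS, sample_hashes=SAMPLE_HASHES):
    """Scan log lines; return [(line_number, indicator_type, value), ...]."""
    hosts = c2_hosts(urls)
    hashes = {h.lower() for h in sample_hashes.values()}
    results = []
    for n, line in enumerate(lines, 1):
        for kind, value in scan_line(line, hosts, hashes):
            results.append((n, kind, value))
    return results


if __name__ == "__main__":
    for n, kind, value in scan_lines(SAMPLE_LOGS):
        print(f"line {n}: {kind} {value}")
```

The host regex consumes the whole dotted name it finds, so a look-alike such as xacokuo8.top.example.net does not produce a hit for xacokuo8.top; exact host matching is the right default for a loader C2 list, and a suffix match should be a deliberate choice rather than an accident of the pattern.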
Targets
- Target: 3d054e3e93c3fccafea80b7e225da90d205282662800aec4624d0641631202b8
- Size: 262KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: the API is commonly used to redirect execution in a suspended process, as seen in process hollowing and thread injection.