General

Target: ec21adf9c15c15820f6251703808ae664a69b53d172d3bb2933bde49105757cf
Size: 224KB
Sample: 211025-nx1yeaghhp
MD5: 72d70a10c657658b7432cef7c38887a7
SHA1: 2c74d28cfe6a3583e653c76cd358032c2645d5a5
SHA256: ec21adf9c15c15820f6251703808ae664a69b53d172d3bb2933bde49105757cf
SHA512: 95428f5c45f8ca78fba3034ddb393e53f7432a4121cddb4cbb2a06ebac3b5740287a6ada643f2f1b92e37d57cb9a078a02faa6df96f731a70dc522012969a2ed
Static task: static1
Malware Config

Extracted: smokeloader
Version: 2020
C2: http://gejajoo7.top/
C2: http://sysaheu9.top/

Extracted: vidar
Version: 41.5
Profile ID (profile_id): 754
URL: https://mas.to/@xeroxxx (Mastodon profile the stealer reads to resolve its actual C2; mas.to itself is a legitimate instance, so only the full profile URL is an indicator, not the host)
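The extracted configuration above yields three kinds of indicator: two attacker-registered SmokeLoader C2 domains, a Vidar dead-drop profile on a legitimate Mastodon instance, and the sample's file hashes. The script below is an added example, not part of this report or of any sandbox's tooling. It loads those indicators and hunts for them in a proxy log and a file-hash inventory; the log formats, timestamps, client IPs, paths and the non-indicator digests are constructed for the example. Matching the .top domains by host but https://mas.to/@xeroxxx by exact host-plus-path is a deliberate design choice, since a host-level match on mas.to would flag every user of that instance.

```python
"""Hunt for the indicators this report extracts (SmokeLoader C2 domains, the Vidar
dead-drop profile and the sample's hashes) in a proxy log and a file-hash inventory.
Added example; every log line and path below is constructed."""
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
SMOKELOADER_C2 = ("http://gejajoo7.top/", "http://sysaheu9.top/")
VIDAR_DEAD_DROP = "https://mas.to/@xeroxxx"
SAMPLE_HASHES = {
    "md5": "72d70a10c657658b7432cef7c38887a7",
    "sha1": "2c74d28cfe6a3583e653c76cd358032c2645d5a5",
    "sha256": "ec21adf9c15c15820f6251703808ae664a69b53d172d3bb2933bde49105757cf",
}

# Host-level match for the attacker-controlled .top domains. For mas.to only the
# exact profile path is an indicator: mas.to is a legitimate Mastodon instance.
C2_HOSTS = {urlparse(u).hostname for u in SMOKELOADER_C2}
DEAD_DROP = (urlparse(VIDAR_DEAD_DROP).hostname, urlparse(VIDAR_DEAD_DROP).path)

# Constructed proxy log: timestamp, client IP, method, URL, status, bytes.
PROXY_LOG = """\
2021-10-25T13:02:11Z 10.0.0.17 GET http://gejajoo7.top/ 200 1832
2021-10-25T13:02:15Z 10.0.0.17 GET https://mas.to/@xeroxxx 200 24110
2021-10-25T13:02:40Z 10.0.0.17 POST http://SYSAHEU9.top/ 200 392
2021-10-25T13:05:02Z 10.0.0.42 GET https://mas.to/@someone_else 200 21009
2021-10-25T13:07:44Z 10.0.0.42 GET https://example.com/ 200 5120
"""

# Constructed file-hash inventory: path, algorithm, digest (case varies by tool).
HASH_INVENTORY = """\
C:\\Users\\bob\\Downloads\\setup.exe sha256 EC21ADF9C15C15820F6251703808AE664A69B53D172D3BB2933BDE49105757CF
C:\\Users\\bob\\Downloads\\setup.exe md5 72D70A10C657658B7432CEF7C38887A7
C:\\Windows\\System32\\notepad.exe sha256 0000000000000000000000000000000000000000000000000000000000000000
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def classify_url(url):
    """Return the indicator name a URL matches, or None."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()  # hostnames are case-insensitive
    if host in C2_HOSTS:
        return "smokeloader_c2"
    if (host, parsed.path) == DEAD_DROP:
        return "vidar_dead_drop"
    return None


def scan_proxy_log(text):
    """Return (timestamp, client, indicator, url) for every matching log line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the hunt
        ts, client, _method, url, _status, _size = m.groups()
        label = classify_url(url)
        if label:
            hits.append((ts, client, label, url))
    return hits


def scan_hash_inventory(text):
    """Return (path, algorithm) for every entry whose digest matches the sample."""
    hits = []
    for line in text.splitlines():
        parts = line.rsplit(" ", 2)  # split from the right so paths may contain spaces
        if len(parts) != 3:
            continue
        path, algo, digest = parts
        if SAMPLE_HASHES.get(algo.lower()) == digest.lower():
            hits.append((path, algo.lower()))
    return hits


def infected_clients(text=PROXY_LOG):
    """Clients that contacted a SmokeLoader C2 or the Vidar dead-drop profile."""
    return sorted({client for _ts, client, _label, _url in scan_proxy_log(text)})


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print("proxy:", *hit)
    for hit in scan_hash_inventory(HASH_INVENTORY):
        print("hash:", *hit)
    print("clients to isolate:", infected_clients())
```

A hit on the dead-drop profile alone does not prove infection, but a client that fetches it right after contacting one of the .top domains, as 10.0.0.17 does in the constructed log, is a strong candidate for isolation and image acquisition; the later C2 the profile resolves to is not in this report and would have to come from the client's own traffic.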
Targets

Target: ec21adf9c15c15820f6251703808ae664a69b53d172d3bb2933bde49105757cf (224KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. Note that the configurations extracted above are for SmokeLoader and Vidar; RedLine is a signature match on the same sample.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess (a process created with an explicitly chosen parent, i.e. parent PID spoofing)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system.
- Suspicious use of SetThreadContext (rewriting another thread's context, as seen in process hollowing and other injection techniques)