General
-
Target
setup_installer.exe
-
Size
4.5MB
-
Sample
211031-jt6l9scefk
-
MD5
c242763123d594ef84987fc2f991c572
-
SHA1
3763dd4f351c521a8c2a9cf723473b29f40b4cce
-
SHA256
e06f470cfe456f519848427a05569a0bb175bdb3570958b50eb0d95c2ba10155
-
SHA512
a91ddfeaf6f34800182ce00da53acd2129300e2b20cbb726e9970026182a872c787ab87aef984725479a338caf9423e179a686c825256ca52d9c0fae7eadaf69
Static task
static1
Behavioral task
behavioral1
Sample
setup_installer.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
setup_installer.exe
Resource
win10-en-20211014
Malware Config
Extracted
smokeloader
2020
http://brandyjaggers.com/upload/
http://andbal.com/upload/
http://alotofquotes.com/upload/
http://szpnc.cn/upload/
http://uggeboots.com/upload/
http://100klv.com/upload/
http://rapmusic.at/upload/
Extracted
redline
srtupdate33
135.181.129.119:4805
Targets
-
-
Target
setup_installer.exe
-
Size
4.5MB
-
MD5
c242763123d594ef84987fc2f991c572
-
SHA1
3763dd4f351c521a8c2a9cf723473b29f40b4cce
-
SHA256
e06f470cfe456f519848427a05569a0bb175bdb3570958b50eb0d95c2ba10155
-
SHA512
a91ddfeaf6f34800182ce00da53acd2129300e2b20cbb726e9970026182a872c787ab87aef984725479a338caf9423e179a686c825256ca52d9c0fae7eadaf69
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Socelars Payload
-
suricata: ET MALWARE FormBook CnC Checkin (GET)
suricata: ET MALWARE FormBook CnC Checkin (GET)
-
suricata: ET MALWARE GCleaner Downloader Activity M5
suricata: ET MALWARE GCleaner Downloader Activity M5
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin
-
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
suricata: ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-