General
Target: 046088193cf3a9022e49ea0297c54c3312a25f0a0ca2a4e397d1a158c044ef00
Size: 140KB
Sample: 211117-27saxaece2
MD5: 420abd8835a80e3dc2b7e73e31ae3386
SHA1: 8236c7a1bf97e5b7c8486febdaed4b9e63deb090
SHA256: 046088193cf3a9022e49ea0297c54c3312a25f0a0ca2a4e397d1a158c044ef00
SHA512: 9593178b2dac05d0ea6375d7d8fd8c9b30ce95896c8b1b5df37b98843a99fe0794b136515dfd239874db936b8f0a66e78e4d47ece1ba118365ad06b13e0792ee
Static task: static1
Behavioral task: behavioral1
Sample: 046088193cf3a9022e49ea0297c54c3312a25f0a0ca2a4e397d1a158c044ef00.exe
Resource: win10-en-20211104
Malware Config
Extracted: smokeloader
  2020
  http://host-file-host6.com/
  http://host-host-file8.com/
Extracted: redline
  185.159.80.90:38637
Extracted: raccoon
  1.8.3-hotfix
  ddf183af4241e3172885cf1b2c4c1fb4ee03d05a
  url4cnc:
Extracted: asyncrat
  VenomRAT_HVNC 5.0.0.3
  Venom Clients
  91.134.187.25:4449
  Venom_RAT_Mutex_Venom_RAT
  anti_vm: false
  bsod: false
  delay: 0
  install: false
  install_folder: %AppData%
  pastebin_config: null
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Async RAT payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext