General
Target: 0bc400e0c63e1cb1f40eba909fc55875010b6d82efc5142a1dc2d03294080463
Size: 160KB
Sample: 211119-ktqfqachc7
MD5: a4e282a9b67616245766901f1cfece53
SHA1: 91b41dfd89e90ece75c9a0d1760b5ebc63fe4507
SHA256: 0bc400e0c63e1cb1f40eba909fc55875010b6d82efc5142a1dc2d03294080463
SHA512: 7056cab7862c904e05784bf662ad9866f23da4d988e56241d3392278119436b19c27e3f324edfc75cfe3b4e5f5593a08087976ed4c2b5a1758f0728a78e8326e
Static task: static1
Behavioral task: behavioral1
Sample: 0bc400e0c63e1cb1f40eba909fc55875010b6d82efc5142a1dc2d03294080463.exe
Resource: win10-en-20211104
Malware Config
Extracted: smokeloader (version 2020)
Extracted: redline (botnet SewPalpadin), C2 185.215.113.29:1102
Extracted: redline (botnet 1811), C2 95.216.168.100:38784
Extracted: raccoon (version 1.8.3-hotfix), botnet 14b265e74e2847e8408db7ca21fe6fe2e9ab5767, url4cnc
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext