General
Target: 60cd649fed2b7527e447db61a5dc1abfd0a92e0af93cafe0c62f6ad0377112c5
Size: 160KB
Sample: 211119-pacsqsacdp
MD5: 6e55ef842feee0b190d83bb9abe411d8
SHA1: e83c1f4180b6d6358c55617876b3b48acb341bfa
SHA256: 60cd649fed2b7527e447db61a5dc1abfd0a92e0af93cafe0c62f6ad0377112c5
SHA512: 13bc4a2f8fb9ea472c8ae6d2e0f7ccb4526b210f5c988f13ba1602f75d8d4507448614d226e5f0408b1d43e70154efa07586086f53502f6f46694a49ffa74f0c
Static task: static1
Behavioral task: behavioral1
Sample: 60cd649fed2b7527e447db61a5dc1abfd0a92e0af93cafe0c62f6ad0377112c5.exe
Resource: win10-en-20211104
Malware Config
Extracted: smokeloader
Version: 2020
C2:
- http://membro.at/upload/
- http://jeevanpunetha.com/upload/
- http://misipu.cn/upload/
- http://zavodooo.ru/upload/
- http://targiko.ru/upload/
- http://vues3d.com/upload/
Extracted: redline
C2: jaromawanave.xyz:80
Extracted: redline
Botnet: SewPalpadin
C2: 185.215.113.29:1102
Extracted: raccoon
Version: 1.8.3-hotfix
Botnet: 14b265e74e2847e8408db7ca21fe6fe2e9ab5767
url4cnc:
- http://91.219.236.162/masterdanteloma
- http://185.163.47.176/masterdanteloma
- http://193.38.54.238/masterdanteloma
- http://74.119.192.122/masterdanteloma
- http://91.219.236.240/masterdanteloma
- https://t.me/masterdanteloma
Targets
Target: 60cd649fed2b7527e447db61a5dc1abfd0a92e0af93cafe0c62f6ad0377112c5 (size and hashes as listed under General)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext