redline | e71329fb184ef0f0eca172e5a18c5aba23f1c4c7967816784d53dfdaf1707172 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

e71329fb184ef0f0eca172e5a18c5aba23f1c4c7967816784d53dfdaf1707172
Size

320KB
Sample

211201-wlymxahgb2
MD5

8f8b2a03a443b9920ea59df6ae66630e
SHA1

fefe0ac65b4273d5f7a3768b778878dc74596270
SHA256

e71329fb184ef0f0eca172e5a18c5aba23f1c4c7967816784d53dfdaf1707172
SHA512

9913fb0084e6cb7ac2ee5bdcf99e1f84ade6c52052b67868884e2bc1caa3fd416973eaaf364de2f6f5c1449e75d36d677564abd7315c164a91f14ae0d94eb669

Score

10^/10

redline smokeloader 1 backdoor collection discovery evasion infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e71329fb184ef0f0eca172e5a18c5aba23f1c4c7967816784d53dfdaf1707172.exe

Resource

win10-en-20211104

redline smokeloader 1 backdoor collection discovery evasion infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

https://cinems.club/search.php

https://clothes.surf/search.php

rc4.i32

rc4.i32

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

1

C2

45.9.20.59:46287

Targets

- Target
  
  e71329fb184ef0f0eca172e5a18c5aba23f1c4c7967816784d53dfdaf1707172
- Size
  
  320KB
- MD5
  
  8f8b2a03a443b9920ea59df6ae66630e
- SHA1
  
  fefe0ac65b4273d5f7a3768b778878dc74596270
- SHA256
  
  e71329fb184ef0f0eca172e5a18c5aba23f1c4c7967816784d53dfdaf1707172
- SHA512
  
  9913fb0084e6cb7ac2ee5bdcf99e1f84ade6c52052b67868884e2bc1caa3fd416973eaaf364de2f6f5c1449e75d36d677564abd7315c164a91f14ae0d94eb669
Score

10^/10

redline smokeloader 1 backdoor collection discovery evasion infostealer spyware stealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloader1backdoorcollectiondiscoveryevasioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy