Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    62a47e1b249e8e9bd37960d3c70f45dd78ecd75c767180696aad4e43c1054d41

  • Size

    232KB

  • Sample

    211202-g5xgmacbfr

  • MD5

    9ccda86f718a1af6724d384c79bf1dd4

  • SHA1

    a25d0ae4685dec0cecc7ca14b99937f93db0b167

  • SHA256

    62a47e1b249e8e9bd37960d3c70f45dd78ecd75c767180696aad4e43c1054d41

  • SHA512

    196cdbf510e84850dc19689e71a3dc7623743007dead3a1091c1976e0cf6b16e38a8965d77ef1e48f8399c7e71dce85dcd3996b734008eb3603459ef160bb8f0

Score
10/10
redlinesmokeloader1backdoorcollectiondiscoveryevasioninfostealerspywarestealersuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

https://cinems.club/search.php

https://clothes.surf/search.php
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

1

C2

45.9.20.59:46287

Targets

    • Target

      62a47e1b249e8e9bd37960d3c70f45dd78ecd75c767180696aad4e43c1054d41

    • Size

      232KB

    • MD5

      9ccda86f718a1af6724d384c79bf1dd4

    • SHA1

      a25d0ae4685dec0cecc7ca14b99937f93db0b167

    • SHA256

      62a47e1b249e8e9bd37960d3c70f45dd78ecd75c767180696aad4e43c1054d41

    • SHA512

      196cdbf510e84850dc19689e71a3dc7623743007dead3a1091c1976e0cf6b16e38a8965d77ef1e48f8399c7e71dce85dcd3996b734008eb3603459ef160bb8f0

    Score
    10/10
    redlinesmokeloader1backdoorcollectiondiscoveryevasioninfostealerspywarestealersuricatatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks