General

Target: f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
Size: 319KB
Sample: 211203-n4ad2abde6
MD5: 24ff8d2f666e28dfee4bf3c0260d9b75
SHA1: f22d725a9c34f36a54b068fec6defd3fcb5e8f3a
SHA256: f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
SHA512: aa9c3978e3c1b8c07eee112e0ebfbeb8291166adc5504f5236b10d159b95c54225a59df4f879192c765ea05a854f990f2f982c8eda079c368f33601dbfca76d2
Static task: static1
Malware Config

Extracted: smokeloader
Version: 2020
C2:
http://host-data-coin-11.com/
http://file-coin-host-12.com/
http://srtuiyhuali.at/
http://fufuiloirtu.com/
http://amogohuigotuli.at/
http://novohudosovu.com/
http://brutuilionust.com/
http://bubushkalioua.com/
http://dumuilistrati.at/
http://verboliatsiaeeees.com/

Extracted: redline
C2: 92.255.76.197:38637

Extracted: arkei
Botnet: Default
C2: http://file-file-host4.com/tratata.php
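The extracted configs above are most useful as a lookup set for sweeping DNS, proxy and firewall logs for contact with the three families' infrastructure. The Python below is an added example and not part of this report or of any sandbox tooling: the C2 values are copied from the Malware Config section, while the log lines, field names and client addresses are constructed for illustration. It splits each URL into a host indicator (so a DNS-only log still matches) and a full-URL indicator, keeps the RedLine ip:port as a socket indicator, and matches subdomains against their parent domain so a query for a host under one of the listed domains is still caught.

```python
import re
from urllib.parse import urlparse

# Copied from the report's Malware Config section.
EXTRACTED_CONFIG = {
    "smokeloader": [
        "http://host-data-coin-11.com/",
        "http://file-coin-host-12.com/",
        "http://srtuiyhuali.at/",
        "http://fufuiloirtu.com/",
        "http://amogohuigotuli.at/",
        "http://novohudosovu.com/",
        "http://brutuilionust.com/",
        "http://bubushkalioua.com/",
        "http://dumuilistrati.at/",
        "http://verboliatsiaeeees.com/",
    ],
    "redline": ["92.255.76.197:38637"],
    "arkei": ["http://file-file-host4.com/tratata.php"],
}

# Constructed log lines (DNS, proxy, firewall); not traffic from the analysed sample.
SAMPLE_LOGS = [
    "2021-12-03T10:01:02Z dns client=10.0.0.17 query=srtuiyhuali.at type=A",
    "2021-12-03T10:01:05Z proxy client=10.0.0.17 GET http://file-file-host4.com/tratata.php 200",
    "2021-12-03T10:01:09Z fw client=10.0.0.17 dst=92.255.76.197:38637 proto=tcp action=allow",
    "2021-12-03T10:02:00Z dns client=10.0.0.22 query=www.microsoft.com type=A",
    "2021-12-03T10:02:30Z dns client=10.0.0.17 query=cdn.verboliatsiaeeees.com type=A",
]

# Hostnames end in an alphabetic TLD, so dotted IPv4 addresses do not match here.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
SOCKET_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b")


def build_indicators(config):
    """Split each extracted C2 value into matchable parts: kind -> {indicator: family}."""
    indicators = {"host": {}, "url": {}, "socket": {}}
    for family, values in config.items():
        for value in values:
            if "://" in value:
                parsed = urlparse(value)
                indicators["host"][parsed.hostname.lower()] = family
                indicators["url"][value.lower()] = family
            else:
                indicators["socket"][value] = family
    return indicators


def lookup_host(host, host_indicators):
    """Match a hostname or any of its parent domains (cdn.evil.com matches evil.com)."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in host_indicators:
            return candidate, host_indicators[candidate]
    return None


def sweep_logs(lines, indicators):
    """Return (line_no, family, kind, indicator) for every line that touches a C2."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        lowered = line.lower()
        seen = set()
        for url, family in indicators["url"].items():
            if url in lowered:
                seen.add((family, "url", url))
        for host in HOST_RE.findall(lowered):
            match = lookup_host(host, indicators["host"])
            if match:
                seen.add((match[1], "host", match[0]))
        for sock in SOCKET_RE.findall(lowered):
            if sock in indicators["socket"]:
                seen.add((indicators["socket"][sock], "socket", sock))
        hits.extend((line_no, *hit) for hit in sorted(seen))
    return hits


if __name__ == "__main__":
    for hit in sweep_logs(SAMPLE_LOGS, build_indicators(EXTRACTED_CONFIG)):
        print(hit)
```

Lines 1, 2, 3 and 5 of the constructed log produce hits (SmokeLoader host, Arkei host plus full URL, RedLine socket, and a SmokeLoader parent-domain match on a subdomain); the benign Microsoft query on line 4 does not. Plain-string matching on the SmokeLoader domains is deliberate: these are the hard-coded values from the config, so a match is a high-confidence indicator, but the list should be refreshed from newer samples since loader C2 domains rotate quickly.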
Targets

Target: f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
Size: 319KB
MD5: 24ff8d2f666e28dfee4bf3c0260d9b75
SHA1: f22d725a9c34f36a54b068fec6defd3fcb5e8f3a
SHA256: f6f217b81efa31016030da14f61724806b4d6064ea8fa313869a521940fa9a7f
SHA512: aa9c3978e3c1b8c07eee112e0ebfbeb8291166adc5504f5236b10d159b95c54225a59df4f879192c765ea05a854f990f2f982c8eda079c368f33601dbfca76d2
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

RedLine Payload
Arkei Stealer Payload
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Suspicious use of SetThreadContext (redirecting another thread's execution; a common primitive in process injection and hollowing)