General

Target: bc9c4f264ca61d4022f1e0adb9ed160cadf0161968ed1839c8c4ef4752bc298a
Size: 248KB
Sample: 211204-ht553addb6
MD5: 26de68582574616729ab05e2b92e194d
SHA1: e47c2eaeb157e1a51699d9139467511ec3b2ad6c
SHA256: bc9c4f264ca61d4022f1e0adb9ed160cadf0161968ed1839c8c4ef4752bc298a
SHA512: b555ee23a8f26f32fc186421b0d74cc6474e70ae6bdf732b9afd64768bc3179d08813a0ba82608a5e8c8172415689d2d820234f6b6c6a594e0170ed502435bae
Static task: static1
Behavioral task: behavioral1
Sample: bc9c4f264ca61d4022f1e0adb9ed160cadf0161968ed1839c8c4ef4752bc298a.exe
Resource: win10-en-20211014
Malware Config

Extracted: smokeloader
Version: 2020
C2:
http://host-data-coin-11.com/
http://file-coin-host-12.com/

Extracted: raccoon
Version: 1.8.3-hotfix
049dc5184bb65eb56e4e860bf61427e2a0fcba1e
url4cnc:
http://185.225.19.18/duglassa1
http://91.219.237.227/duglassa1
https://t.me/duglassa1

Extracted: raccoon
Version: 1.8.3-hotfix
b620be4c85b4051a92040003edbc322be4eb082d
url4cnc:
http://91.219.236.207/capibar
http://185.225.19.18/capibar
http://91.219.237.227/capibar
https://t.me/capibar
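The config above gives a defender two kinds of network indicator: the SmokeLoader C2 domains and Raccoon's rotating C2 IPs, which can be matched on host, and the Raccoon url4cnc paths (/duglassa1, /capibar), which stay constant across the IPs and also appear under https://t.me/, where Raccoon reads the channel as a dead-drop resolver. Matching t.me by host alone would flag every Telegram visit, so the path is the indicator there. The following is an added example for this report, not code from the sandbox or from either malware family; the config text is a copy of the page's values, while the proxy log lines and their "epoch client method url status" layout are constructed.

```python
"""
Turn the Malware Config section of the report into network indicators and
run them over proxy log lines. Added example; not sandbox or malware code.
"""
import re
from urllib.parse import urlsplit

# Constructed copy of the extracted configs listed in the report.
EXTRACTED_CONFIG = """
smokeloader 2020
http://host-data-coin-11.com/
http://file-coin-host-12.com/
raccoon 1.8.3-hotfix
http://185.225.19.18/duglassa1
http://91.219.237.227/duglassa1
https://t.me/duglassa1
raccoon 1.8.3-hotfix
http://91.219.236.207/capibar
http://185.225.19.18/capibar
http://91.219.237.227/capibar
https://t.me/capibar
"""

# Legitimate services abused as dead-drop resolvers: match these only on
# the full path (the channel name), never on the host.
SHARED_HOSTS = {"t.me"}

URL_RE = re.compile(r"^https?://\S+$")


def parse_config(text):
    """Map family name -> list of URLs from the flattened config text.
    A non-URL line such as "raccoon 1.8.3-hotfix" starts a new block."""
    family, iocs = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if URL_RE.match(line):
            iocs.setdefault(family, []).append(line)
        else:
            family = line.split()[0]
    return iocs


def build_indicators(iocs):
    """Return (host -> family, path -> family).
    Raccoon keeps the same path across its rotating IPs, so the path is an
    indicator on its own; t.me is only ever matched by path."""
    hosts, paths = {}, {}
    for family, urls in iocs.items():
        for url in urls:
            u = urlsplit(url)
            if u.hostname not in SHARED_HOSTS:
                hosts[u.hostname] = family
            if u.path and u.path != "/":
                paths[u.path] = family
    return hosts, paths


def match_logs(lines, hosts, paths):
    """Match constructed 'epoch client method url status' lines.
    Returns (client, url, family, how) per hit; how is 'host' or 'path'."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        u = urlsplit(fields[3])
        if u.hostname in hosts:
            hits.append((fields[1], fields[3], hosts[u.hostname], "host"))
        elif u.path in paths:
            hits.append((fields[1], fields[3], paths[u.path], "path"))
    return hits


# Constructed proxy log lines (not from the report).
SAMPLE_LOGS = [
    "1638600001 10.0.0.12 GET http://host-data-coin-11.com/ 200",
    "1638600002 10.0.0.12 GET http://91.219.237.227/duglassa1 200",
    "1638600003 10.0.0.12 GET https://t.me/capibar 200",
    "1638600004 10.0.0.12 GET http://203.0.113.9/capibar 200",  # unknown IP, known Raccoon path
    "1638600005 10.0.0.17 GET https://t.me/some_legit_channel 200",
    "1638600006 10.0.0.17 GET http://example.org/ 200",
]


def run(lines=SAMPLE_LOGS):
    hosts, paths = build_indicators(parse_config(EXTRACTED_CONFIG))
    return match_logs(lines, hosts, paths)


if __name__ == "__main__":
    for client, url, family, how in run():
        print(f"{client} -> {url}  [{family}, matched on {how}]")
```

A path-only hit (the fourth constructed line, a fresh IP serving /capibar) is weaker evidence than a host hit and is reported as such, but it is exactly the case the host list misses once the operator rotates infrastructure.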
Targets

Target: bc9c4f264ca61d4022f1e0adb9ed160cadf0161968ed1839c8c4ef4752bc298a
Size: 248KB
MD5: 26de68582574616729ab05e2b92e194d
SHA1: e47c2eaeb157e1a51699d9139467511ec3b2ad6c
SHA256: bc9c4f264ca61d4022f1e0adb9ed160cadf0161968ed1839c8c4ef4752bc298a
SHA512: b555ee23a8f26f32fc186421b0d74cc6474e70ae6bdf732b9afd64768bc3179d08813a0ba82608a5e8c8172415689d2d820234f6b6c6a594e0170ed502435bae
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
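Two of the behaviours above, "Executes dropped EXE" and "Adds Run key to start application", are what a host sensor sees of this chain: the loader writes a PE to disk, starts it, and the new process registers itself under a CurrentVersion\Run value. The following is an added example for this report, not code from the sandbox or from any of the families named; it correlates those two steps over constructed Sysmon-style records (event IDs 1 process create, 11 file create, 13 registry value set) whose paths, PIDs and SID are made up for the example.

```python
"""
Correlate dropped-EXE execution with Run-key persistence in Sysmon-style
telemetry. Added example for this report; not sandbox or malware code.
"""
import re

# Matches HKCU/HKU/HKLM ...\CurrentVersion\Run\ and RunOnce\ value paths.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def exe_from_command(details):
    """Pull the executable path out of a Run value's data, handling a
    quoted path with spaces followed by arguments. Returned lowercased."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end].lower() if end > 0 else details.lower()
    return details.split()[0].lower()


def find_dropper_persistence(events):
    """Flag every Run-key write; raise severity when the value points at a
    file an earlier event dropped and/or started, or at the writer itself."""
    dropped = {}       # lowercased path -> pid that created it (event 11)
    executed = set()   # lowercased image paths seen starting (event 1)
    findings = []
    for e in events:
        if e["id"] == 11 and e["target"].lower().endswith(".exe"):
            dropped[e["target"].lower()] = e["pid"]
        elif e["id"] == 1:
            executed.add(e["image"].lower())
        elif e["id"] == 13 and RUN_KEY_RE.search(e["target"]):
            exe = exe_from_command(e["details"])
            reasons = ["run key write"]
            if exe in dropped:
                reasons.append("target dropped by pid %d" % dropped[exe])
            if exe in executed:
                reasons.append("target already executed")
            if exe == e["image"].lower():
                reasons.append("process registers itself")
            findings.append({
                "pid": e["pid"], "image": e["image"], "value": e["target"],
                "reasons": reasons,
                "severity": "high" if len(reasons) >= 3 else "low",
            })
    return findings


# Constructed events (fake SID, paths and PIDs), in time order.
SID = r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
DROPPED = r"C:\Users\user\AppData\Roaming\svchost_upd.exe"
SAMPLE_EVENTS = [
    {"id": 1, "pid": 4120, "image": r"C:\Users\user\Desktop\sample.exe"},
    {"id": 11, "pid": 4120, "image": r"C:\Users\user\Desktop\sample.exe",
     "target": DROPPED},
    {"id": 1, "pid": 4388, "image": DROPPED},
    {"id": 13, "pid": 4388, "image": DROPPED,
     "target": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\svchost_upd",
     "details": DROPPED},
    # Benign comparison: an installed application registering its tray icon.
    {"id": 13, "pid": 2200, "image": r"C:\Program Files\Vendor\app.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorApp",
     "details": r'"C:\Program Files\Vendor\app.exe" /tray'},
]


if __name__ == "__main__":
    for f in find_dropper_persistence(SAMPLE_EVENTS):
        print(f["severity"], f["image"], "->", f["value"], "|", "; ".join(f["reasons"]))
```

The benign vendor entry also registers itself, so self-registration alone is kept at low severity; it is the combination with a freshly dropped and already-running file that marks the loader chain. Sysmon records registry value writes but not reads, so the "Checks installed software" Uninstall-key enumeration in this report comes from the sandbox's API-level tracing and will not appear in this kind of telemetry; "Deletes itself" and "Suspicious use of SetThreadContext" likewise need other event sources.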