General
-
Target
dad0582c5eaadb738dcef74ce92d6566ca7225d4e75c97d1a3fed717ec07d0d7
-
Size
319KB
-
Sample
211207-ctafhafffr
-
MD5
13d655d055e15f8ccaea79df4fdd7487
-
SHA1
3d3a2ac28df27e8a949064be846f0268b91c4d12
-
SHA256
dad0582c5eaadb738dcef74ce92d6566ca7225d4e75c97d1a3fed717ec07d0d7
-
SHA512
2fe502c6f1646d8a1c8caaa4cebbbd1d0558371f28da1c20f07fda353f9405d758ab92695a98ac505e0c9f44bf9edf663bfb7348dec807c2f78e4bd44bf6ae5e
Static task
static1
Behavioral task
behavioral1
Sample
dad0582c5eaadb738dcef74ce92d6566ca7225d4e75c97d1a3fed717ec07d0d7.exe
Resource
win10-en-20211104
Malware Config
Extracted
smokeloader
2020
http://host-data-coin-11.com/
http://file-coin-host-12.com/
Extracted
raccoon
1.8.3-hotfix
f797145799b7b1b77b35d81de942eee0908da519
-
url4cnc
http://91.219.236.27/capibar
http://94.158.245.167/capibar
http://185.163.204.216/capibar
http://185.225.19.238/capibar
http://185.163.204.218/capibar
https://t.me/capibar
Extracted
amadey
2.86
185.215.113.35/d2VxjasuwS/index.php
Targets
-
-
Target
dad0582c5eaadb738dcef74ce92d6566ca7225d4e75c97d1a3fed717ec07d0d7
-
Size
319KB
-
MD5
13d655d055e15f8ccaea79df4fdd7487
-
SHA1
3d3a2ac28df27e8a949064be846f0268b91c4d12
-
SHA256
dad0582c5eaadb738dcef74ce92d6566ca7225d4e75c97d1a3fed717ec07d0d7
-
SHA512
2fe502c6f1646d8a1c8caaa4cebbbd1d0558371f28da1c20f07fda353f9405d758ab92695a98ac505e0c9f44bf9edf663bfb7348dec807c2f78e4bd44bf6ae5e
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
suricata: ET MALWARE Sharik/Smoke CnC Beacon 11
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-