General
-
Target
a6e7910146fecdecd20bf89bb1be0f92.exe
-
Size
321KB
-
Sample
211207-p476qscbd3
-
MD5
a6e7910146fecdecd20bf89bb1be0f92
-
SHA1
81866a8450a9cd58435e59289966a3db40f09f78
-
SHA256
21837b705147ad533b64db7fcf2170662da3e2f9210d410a75caa83380e9a47f
-
SHA512
a6c92d3f57176b95c7338ea8160b8d4960725556a40f5e88e9412cf11bba7e6839a67144ee003a9b6b044b573129e51bfc31326a4d9be8a07bcbfec4cf63631b
Static task
static1
Behavioral task
behavioral1
Sample
a6e7910146fecdecd20bf89bb1be0f92.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
a6e7910146fecdecd20bf89bb1be0f92.exe
Resource
win10-en-20211104
Malware Config
Extracted
smokeloader
2020
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/
Extracted
redline
195.133.47.114:38627
Targets
-
-
Target
a6e7910146fecdecd20bf89bb1be0f92.exe
-
Size
321KB
-
MD5
a6e7910146fecdecd20bf89bb1be0f92
-
SHA1
81866a8450a9cd58435e59289966a3db40f09f78
-
SHA256
21837b705147ad533b64db7fcf2170662da3e2f9210d410a75caa83380e9a47f
-
SHA512
a6c92d3f57176b95c7338ea8160b8d4960725556a40f5e88e9412cf11bba7e6839a67144ee003a9b6b044b573129e51bfc31326a4d9be8a07bcbfec4cf63631b
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-