General

- Target: 59f19c0c51dd9af08b2f6eacd2f947a9.exe
- Size: 319KB
- Sample: 211207-p5ssfahcfp
- MD5: 59f19c0c51dd9af08b2f6eacd2f947a9
- SHA1: 4f93d27337ef53449b797dff32fc27a8d81b75d9
- SHA256: da702dc8c9bb7c1448fc8b284a961390466a2a9be3383dc0cd30404ed0dcfef5
- SHA512: 1d18a8209a5b28946fcfd4d151e56cfe0d456fb43786bdea850f3f7ea3fa44ceb5517981b8e4043c95a5d8124bf8c3618543aa221c3fe093fae13e72c269992c
Static task: static1

Behavioral task: behavioral1
- Sample: 59f19c0c51dd9af08b2f6eacd2f947a9.exe
- Resource: win7-en-20211014

Behavioral task: behavioral2
- Sample: 59f19c0c51dd9af08b2f6eacd2f947a9.exe
- Resource: win10-en-20211104
Malware Config

Extracted: smokeloader
- 2020
- http://rcacademy.at/upload/
- http://e-lanpengeonline.com/upload/
- http://vjcmvz.cn/upload/
- http://galala.ru/upload/
- http://witra.ru/upload/

Extracted: redline
- 195.133.47.114:38627
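As an added example, not part of the sandbox report, the Python below turns the extracted configuration above into network indicators and sweeps log lines for them. The config text is copied from the report; the log lines, their key=value field names and the timestamps are constructed for the demonstration, and the bare "2020" line is kept as an opaque tag because the report does not say what it denotes.

```python
"""Turn the Malware Config extracted in the report above into network
indicators and sweep log lines for them.  Example code added to this
report; the log lines below are constructed, not taken from the sandbox run."""
import ipaddress
import re
from urllib.parse import urlparse

# Verbatim copy of the report's "Malware Config / Extracted" block.
EXTRACTED_CONFIG = """\
smokeloader
2020
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/
redline
195.133.47.114:38627
"""

# Family names that open a new block in the extracted config.
KNOWN_FAMILIES = {"smokeloader", "redline"}

# host:port with a dotted-quad host, the shape of the RedLine entry above.
SOCKET_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def parse_extracted(text):
    """Group the config lines by family.

    Returns {family: {"urls": [...], "domains": set(), "sockets": set(),
    "tags": [...]}}.  A line that is neither a family name, a URL nor
    host:port (here the bare '2020') is kept as an opaque tag, not guessed at.
    """
    families, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in KNOWN_FAMILIES:
            current = families.setdefault(
                line.lower(), {"urls": [], "domains": set(), "sockets": set(), "tags": []})
            continue
        if current is None:
            raise ValueError(f"indicator before any family name: {line!r}")
        parsed = urlparse(line) if "://" in line else None
        sock = SOCKET_RE.fullmatch(line)
        if parsed and parsed.hostname:
            current["urls"].append(line)
            current["domains"].add(parsed.hostname.lower())
        elif sock and 0 < int(sock.group(2)) < 65536:
            ipaddress.ip_address(sock.group(1))  # rejects octets above 255
            current["sockets"].add((sock.group(1), int(sock.group(2))))
        else:
            current["tags"].append(line)
    return families


def match_log_line(line, indicators):
    """Return [(family, indicator)] for every indicator present on one line.

    A domain matches itself or any subdomain (cdn.galala.ru hits) but not a
    longer label (notrcacademy.at) or a parent-looking prefix (galala.ru.evil);
    a socket needs the exact ip:port, so the same IP on another port is not a hit.
    """
    hits, lower = [], line.lower()
    for family, ind in indicators.items():
        for dom in sorted(ind["domains"]):
            pat = (r"(?<![a-z0-9-])(?:[a-z0-9-]+\.)*" + re.escape(dom)
                   + r"(?![a-z0-9-]|\.[a-z0-9-])")
            if re.search(pat, lower):
                hits.append((family, dom))
        for host, port in sorted(ind["sockets"]):
            pat = r"(?<![\d.])" + re.escape(f"{host}:{port}") + r"(?!\d)"
            if re.search(pat, line):
                hits.append((family, f"{host}:{port}"))
    return hits


def sweep(lines, indicators):
    """Return [(line, hits)] for the log lines that carry at least one hit."""
    out = []
    for line in lines:
        hits = match_log_line(line, indicators)
        if hits:
            out.append((line, hits))
    return out


# Constructed DNS / proxy / flow records in a generic key=value style; the
# dates only echo the sample date in the report, none of this was observed.
SAMPLE_LOGS = [
    "2021-12-07T09:12:01Z dns client=10.0.0.5 qname=rcacademy.at qtype=A",
    "2021-12-07T09:12:03Z proxy client=10.0.0.5 method=POST url=http://e-lanpengeonline.com/upload/ status=200",
    "2021-12-07T09:12:09Z flow 10.0.0.5:51234 -> 195.133.47.114:38627 proto=tcp bytes=18422",
    "2021-12-07T09:13:00Z dns client=10.0.0.7 qname=notrcacademy.at qtype=A",
    "2021-12-07T09:13:05Z flow 10.0.0.7:52000 -> 195.133.47.114:443 proto=tcp bytes=900",
    "2021-12-07T09:14:00Z dns client=10.0.0.8 qname=cdn.galala.ru qtype=A",
]

if __name__ == "__main__":
    iocs = parse_extracted(EXTRACTED_CONFIG)
    for line, hits in sweep(SAMPLE_LOGS, iocs):
        print(hits, "<-", line)
```

Matching a socket by exact ip:port rather than by bare IP keeps traffic to other services on the same host out of the hit list, while allowing subdomains of an extracted domain catches hostname rotation under the same registered domain; both choices are the example's, not something the report states about this sample.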
Targets

- Target: 59f19c0c51dd9af08b2f6eacd2f947a9.exe
- Size: 319KB
- MD5: 59f19c0c51dd9af08b2f6eacd2f947a9
- SHA1: 4f93d27337ef53449b797dff32fc27a8d81b75d9
- SHA256: da702dc8c9bb7c1448fc8b284a961390466a2a9be3383dc0cd30404ed0dcfef5
- SHA512: 1d18a8209a5b28946fcfd4d151e56cfe0d456fb43786bdea850f3f7ea3fa44ceb5517981b8e4043c95a5d8124bf8c3618543aa221c3fe093fae13e72c269992c
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the thread's debug events from being delivered to an attached debugger; a common anti-debugging technique.