General
- Target: 369b89160fc1e3c8b2ec374dfb220c264efc7d2df1bcb04cadec2dd038765523
- Size: 319KB
- Sample: 211207-p8mqlacbh6
- MD5: 5106aa3bd71ee4a75133d1cc18030874
- SHA1: 32c3cc7e79d7701466a1e1809f54c630e1cd330b
- SHA256: 369b89160fc1e3c8b2ec374dfb220c264efc7d2df1bcb04cadec2dd038765523
- SHA512: 1f58c1eb7eaa82235031e7c20c8d2d1a1a355bdb34d206564469bc391f57a54af4e3be06c82c59a7827fcc8eb6b48f51187a460f97df30eada76fd6174dc3074
Static task: static1
Behavioral task: behavioral1
Sample: 369b89160fc1e3c8b2ec374dfb220c264efc7d2df1bcb04cadec2dd038765523.exe
Resource: win10-en-20211104
Malware Config
Extracted: smokeloader
- 2020
- http://rcacademy.at/upload/
- http://e-lanpengeonline.com/upload/
- http://vjcmvz.cn/upload/
- http://galala.ru/upload/
- http://witra.ru/upload/
Extracted: redline
- 195.133.47.114:38627
Targets
- Target: 369b89160fc1e3c8b2ec374dfb220c264efc7d2df1bcb04cadec2dd038765523
- Size: 319KB
- MD5: 5106aa3bd71ee4a75133d1cc18030874
- SHA1: 32c3cc7e79d7701466a1e1809f54c630e1cd330b
- SHA256: 369b89160fc1e3c8b2ec374dfb220c264efc7d2df1bcb04cadec2dd038765523
- SHA512: 1f58c1eb7eaa82235031e7c20c8d2d1a1a355bdb34d206564469bc391f57a54af4e3be06c82c59a7827fcc8eb6b48f51187a460f97df30eada76fd6174dc3074
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger