redline | 67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
Size

182KB
Sample

211208-3x67rabcgl
MD5

1a0dd17e7931a344d630e2b74017750f
SHA1

cda69db7acd6b18a531a7951795dce98e7d61e27
SHA256

67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
SHA512

b741511f8470dacae52274f5b14ec80ecb87bc0d8b711212f0accd7bb6c2dd95ed59bc31f351ff7873d780d5fb250ff4d297a9e972d9adef0ebbdf40e41354a3

Score

10^/10

redline smokeloader systembc backdoor infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef.exe

Resource

win10-en-20211208

redline smokeloader systembc backdoor infostealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32

rc4.i32

Extracted

Family

systembc

C2

185.209.30.180:4001

Targets

- Target
  
  67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
- Size
  
  182KB
- MD5
  
  1a0dd17e7931a344d630e2b74017750f
- SHA1
  
  cda69db7acd6b18a531a7951795dce98e7d61e27
- SHA256
  
  67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
- SHA512
  
  b741511f8470dacae52274f5b14ec80ecb87bc0d8b711212f0accd7bb6c2dd95ed59bc31f351ff7873d780d5fb250ff4d297a9e972d9adef0ebbdf40e41354a3
Score

10^/10

redline smokeloader systembc backdoor infostealer suricata trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloadersystembcbackdoorinfostealersuricatatrojan

© 2018-2024

Terms | Privacy