General
- Target: d7ee7082aefbc7d455574e6046d068223ca0e1dfc2f277254f334eccfd48673c
- Size: 297KB
- Sample: 211209-16s1daecf9
- MD5: 811836d3b81e4011db274d1354ab6603
- SHA1: 6b3972b43e4d94a2d0ff2f0ab0cdaf2658ca5d3d
- SHA256: d7ee7082aefbc7d455574e6046d068223ca0e1dfc2f277254f334eccfd48673c
- SHA512: 72ec7abf1e9543dc419c2fe0baf766e0dfcd35e9f596eac5f24e1255cb27ccfa3f01310364a2a20f9aa3a2384709d5e181d1a7c4a40a3143dc3bd439b867ed65
- Static task: static1
- Behavioral task: behavioral1
- Sample: d7ee7082aefbc7d455574e6046d068223ca0e1dfc2f277254f334eccfd48673c.exe
- Resource: win10-en-20211208
Malware Config
- Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
- Extracted: smokeloader (2020)
  http://rcacademy.at/upload/
  http://e-lanpengeonline.com/upload/
  http://vjcmvz.cn/upload/
  http://galala.ru/upload/
  http://witra.ru/upload/
- Extracted: redline
  195.133.47.114:38627
Targets
- Target: d7ee7082aefbc7d455574e6046d068223ca0e1dfc2f277254f334eccfd48673c (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Grants admin privileges: Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies RDP port number used by Windows
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger