General

Target: b721f2f38f6b5cd68b6b517b27d9963d10fea83d2ba35421791c64e1aaa5e030
Size: 299KB
Sample: 211209-3l7ddagadj
MD5: 585ae6e8ecf9cd94f8abe91362f17073
SHA1: 8df2a24e6d8e8949152d4a0d61dd9aa7d718bdec
SHA256: b721f2f38f6b5cd68b6b517b27d9963d10fea83d2ba35421791c64e1aaa5e030
SHA512: 6d4e646a90ce2cd202ab4719b818009dc8670191f7a08cc2e54a62b6577af1a00ea00550e3e1b99bb4bfd527dbd1c44dc6c2d0c6de3b8b86bdf880ad73bf74d6

Static task: static1
Behavioral task: behavioral1
Sample: b721f2f38f6b5cd68b6b517b27d9963d10fea83d2ba35421791c64e1aaa5e030.exe
Resource: win10-en-20211208

Malware Config

Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Extracted: smokeloader
Version: 2020
C2:
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/

Extracted: redline
C2: 195.133.47.114:38627

Targets

Target: b721f2f38f6b5cd68b6b517b27d9963d10fea83d2ba35421791c64e1aaa5e030
Size: 299KB
MD5: 585ae6e8ecf9cd94f8abe91362f17073
SHA1: 8df2a24e6d8e8949152d4a0d61dd9aa7d718bdec
SHA256: b721f2f38f6b5cd68b6b517b27d9963d10fea83d2ba35421791c64e1aaa5e030
SHA512: 6d4e646a90ce2cd202ab4719b818009dc8670191f7a08cc2e54a62b6577af1a00ea00550e3e1b99bb4bfd527dbd1c44dc6c2d0c6de3b8b86bdf880ad73bf74d6

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

suricata: ET MALWARE ServHelper CnC Inital Checkin

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Grants admin privileges
Uses net.exe to modify the user's privileges.

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Modifies RDP port number used by Windows

Sets DLL path for service in the registry

Deletes itself

Loads dropped DLL

Suspicious use of NtSetInformationThreadHideFromDebugger
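The report above gives a responder two kinds of material: extracted network indicators (SmokeLoader C2 URLs, the RedLine C2 socket, the PowerShell stager URL, the sample hashes) and behavioural signatures (net.exe privilege grant, RDP port change, ServiceDll registry write). The script below is an added example, not part of the sandbox report or the vendor's tooling. It turns those into offline checks: an IOC matcher for network telemetry, a hash check for the sample, and detection logic for three of the listed behaviours run over Sysmon-style events. The indicator values are the ones the report lists; the registry key paths and the net.exe syntax are standard Windows; every log record and event in the block is constructed for the demonstration, and the exact values the sample wrote (new RDP port, DLL path, account name) are not in the report, so only the keys and command shape are matched.

```python
"""Offline triage helper built from the sandbox report above.

Added example, not part of the report or the vendor's tooling. Indicator
values come from the report; all telemetry below is constructed.

  match_iocs()       - search network records for the extracted C2s/URLs
  detect_behaviors() - run three of the report's behavioural signatures
                       over Sysmon-style process-create / registry events
  is_known_sample()  - compare a file's SHA256 against the report's sample
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the report's hash fields and "Malware Config".
SAMPLE_SHA256 = "b721f2f38f6b5cd68b6b517b27d9963d10fea83d2ba35421791c64e1aaa5e030"
SMOKELOADER_C2 = [
    "http://rcacademy.at/upload/",
    "http://e-lanpengeonline.com/upload/",
    "http://vjcmvz.cn/upload/",
    "http://galala.ru/upload/",
    "http://witra.ru/upload/",
]
REDLINE_C2 = "195.133.47.114:38627"
PS1_URL = "https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1"

C2_HOSTS = {urlparse(u).hostname for u in SMOKELOADER_C2}
REDLINE_IP, REDLINE_PORT = REDLINE_C2.split(":")


def is_known_sample(data: bytes) -> bool:
    """True if the bytes hash to the report's SHA256."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def match_iocs(records):
    """records: dicts with 'dst_ip', 'dst_port' and an optional 'url'.
    Returns [(record_index, family_label), ...]."""
    hits = []
    for i, r in enumerate(records):
        url = r.get("url") or ""
        host = urlparse(url).hostname if url else None
        if host in C2_HOSTS:
            hits.append((i, "smokeloader"))
        elif url == PS1_URL:
            # raw.githubusercontent.com is benign in general: match the
            # full stager URL, never the host alone.
            hits.append((i, "powershell-stager"))
        elif r.get("dst_ip") == REDLINE_IP and str(r.get("dst_port")) == REDLINE_PORT:
            hits.append((i, "redline"))
    return hits


# Sysmon EventID 1 = process create, EventID 13 = registry value set.
# Standard Windows key paths; the values written by the sample are not in
# the report, so only the key names and the net.exe command shape are matched.
NET_ADMIN_CMD = re.compile(
    r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b", re.I)
RDP_PORT_KEY = re.compile(
    r"\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\PortNumber$", re.I)
SERVICE_DLL_KEY = re.compile(
    r"\\Services\\[^\\]+\\Parameters\\ServiceDll$", re.I)


def detect_behaviors(events):
    """events: dicts with 'event_id' plus 'command_line' (id 1) or
    'target_object' (id 13). Returns [(event_index, signature_name), ...]."""
    findings = []
    for i, e in enumerate(events):
        if e["event_id"] == 1 and NET_ADMIN_CMD.search(e.get("command_line", "")):
            findings.append((i, "Grants admin privileges"))
        elif e["event_id"] == 13:
            target = e.get("target_object", "")
            if RDP_PORT_KEY.search(target):
                findings.append((i, "Modifies RDP port number used by Windows"))
            elif SERVICE_DLL_KEY.search(target):
                findings.append((i, "Sets DLL path for service in the registry"))
    return findings


# Constructed telemetry (documentation-range IPs, made-up service/account names).
CONSTRUCTED_NET_RECORDS = [
    {"dst_ip": "198.51.100.20", "dst_port": 443, "url": "https://github.com/"},
    {"dst_ip": "195.133.47.114", "dst_port": 38627, "url": None},
    {"dst_ip": "203.0.113.7", "dst_port": 80, "url": "http://galala.ru/upload/"},
    {"dst_ip": "198.51.100.9", "dst_port": 443, "url": PS1_URL},
]
CONSTRUCTED_EVENTS = [
    {"event_id": 1, "command_line": "net localgroup administrators newuser /add"},
    {"event_id": 13, "target_object": r"HKLM\System\CurrentControlSet\Control"
                                      r"\Terminal Server\WinStations\RDP-Tcp\PortNumber"},
    {"event_id": 13, "target_object": r"HKLM\System\CurrentControlSet\Services"
                                      r"\svchelper\Parameters\ServiceDll"},
    {"event_id": 1, "command_line": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    print("IOC hits:", match_iocs(CONSTRUCTED_NET_RECORDS))
    print("Behaviour hits:", detect_behaviors(CONSTRUCTED_EVENTS))
```

The RedLine indicator is matched on IP and port together because a bare IP match on 195.133.47.114 would also fire on unrelated traffic to that host, and the stager URL is matched on its full path for the same reason. Feed real Sysmon exports through `detect_behaviors()` by mapping EventID, CommandLine and TargetObject onto the dict keys used here.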