redline | 97d6b1252c76acc7ed9bdda30b7824a2aaf64fd6a586a1818bfaf2104e277c2f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

97d6b1252c76acc7ed9bdda30b7824a2aaf64fd6a586a1818bfaf2104e277c2f
Size

182KB
Sample

211209-akj78sbdeq
MD5

1168d3b5014173d770bb46743876d712
SHA1

fde7c3dbe926007a20f030e67b39d90267c769b2
SHA256

97d6b1252c76acc7ed9bdda30b7824a2aaf64fd6a586a1818bfaf2104e277c2f
SHA512

d0b57e33a795ce6d197c153353bc50f5ece25f367d7542c2bc6002a87537e134941f3166aa988ec89c9106f693eec82e2f76291d1a19f8cb4b7bc7bf4c853606

Score

10^/10

redline smokeloader systembc backdoor infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

97d6b1252c76acc7ed9bdda30b7824a2aaf64fd6a586a1818bfaf2104e277c2f.exe

Resource

win10-en-20211208

redline smokeloader systembc backdoor infostealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32

rc4.i32

Extracted

Family

systembc

C2

185.209.30.180:4001

Targets

- Target
  
  97d6b1252c76acc7ed9bdda30b7824a2aaf64fd6a586a1818bfaf2104e277c2f
- Size
  
  182KB
- MD5
  
  1168d3b5014173d770bb46743876d712
- SHA1
  
  fde7c3dbe926007a20f030e67b39d90267c769b2
- SHA256
  
  97d6b1252c76acc7ed9bdda30b7824a2aaf64fd6a586a1818bfaf2104e277c2f
- SHA512
  
  d0b57e33a795ce6d197c153353bc50f5ece25f367d7542c2bc6002a87537e134941f3166aa988ec89c9106f693eec82e2f76291d1a19f8cb4b7bc7bf4c853606
Score

10^/10

redline smokeloader systembc backdoor infostealer suricata trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloadersystembcbackdoorinfostealersuricatatrojan

© 2018-2024

Terms | Privacy