General

Target: 30494b5207c38659e9589728923aee53b7b1d9a46b7d0865c3d260ba28827145
Size: 341KB
Sample: 211209-d7ykxsagh5
MD5: c731bf2eebc9d440935ddfb3ca749086
SHA1: b464c06b70bfb5731731bcf738fbd9d915a2ac19
SHA256: 30494b5207c38659e9589728923aee53b7b1d9a46b7d0865c3d260ba28827145
SHA512: 30db1cb3544b699fe8891adb98af69ceeaccdae5d0110b7e6981866903223d371dae03729cdf1bd8b691aa54a8ea780e06a5f0a5e266f1b14ba9946cc950ffd4

Static task: static1
Behavioral task: behavioral1
Sample: 30494b5207c38659e9589728923aee53b7b1d9a46b7d0865c3d260ba28827145.exe
Resource: win10-en-20211208

Malware Config

Extracted config: smokeloader (version 2020)
C2 URLs:
  http://rcacademy.at/upload/
  http://e-lanpengeonline.com/upload/
  http://vjcmvz.cn/upload/
  http://galala.ru/upload/
  http://witra.ru/upload/

Extracted config: redline
C2: 195.133.47.114:38627

Extracted config: systembc
C2: 185.209.30.180:4001
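The extracted C2 values are the most directly actionable part of this report. The following Python is an added example, not part of the sandbox report and not a tool of the sandbox vendor: it normalises the three extracted configs into lookup tables and runs them over constructed proxy, connection and DNS log lines. The indicators are the ones listed above; the "ts type k=v ..." log format, the sample lines, the source addresses and the high/medium/low confidence levels are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the report's Malware Config section.
EXTRACTED = {
    "smokeloader": [
        "http://rcacademy.at/upload/",
        "http://e-lanpengeonline.com/upload/",
        "http://vjcmvz.cn/upload/",
        "http://galala.ru/upload/",
        "http://witra.ru/upload/",
    ],
    "redline": ["195.133.47.114:38627"],
    "systembc": ["185.209.30.180:4001"],
}


def _norm_host(name):
    # DNS telemetry often carries names upper-cased or with a trailing dot.
    return name.lower().rstrip(".")


def build_iocs(extracted=EXTRACTED):
    """Normalise the raw config into lookup tables: hosts and gate paths for the
    HTTP C2s, exact (ip, port) sockets for the raw TCP C2s, and bare IPs as a
    lower-confidence fallback for the same address on another port."""
    hosts, paths, sockets, ips = {}, {}, {}, {}
    for family, values in extracted.items():
        for value in values:
            if "://" in value:
                url = urlsplit(value)
                host = _norm_host(url.hostname)
                hosts[host] = family
                paths[host] = url.path or "/"
            else:
                ip, port = value.rsplit(":", 1)
                sockets[(ip, int(port))] = family
                ips[ip] = family
    return {"hosts": hosts, "paths": paths, "sockets": sockets, "ips": ips}


# Constructed log lines (not from the report) in an assumed "ts type k=v ..." format.
SAMPLE_LOGS = """\
2021-12-09T09:00:01Z proxy src=10.0.0.5 method=POST url=http://rcacademy.at/upload/ status=200
2021-12-09T09:00:02Z proxy src=10.0.0.5 method=GET url=https://www.example.com/ status=200
2021-12-09T09:00:03Z proxy src=10.0.0.6 method=GET url=http://witra.ru/favicon.ico status=404
2021-12-09T09:00:04Z conn src=10.0.0.5 dst=195.133.47.114 dport=38627 proto=tcp
2021-12-09T09:00:05Z conn src=10.0.0.7 dst=185.209.30.180 dport=4001 proto=tcp
2021-12-09T09:00:06Z conn src=10.0.0.7 dst=185.209.30.180 dport=443 proto=tcp
2021-12-09T09:00:07Z dns src=10.0.0.9 query=GALALA.RU.
2021-12-09T09:00:08Z dns src=10.0.0.9 query=mail.galala.ru
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into a dict; timestamp and record type are positional."""
    ts, kind, rest = line.split(" ", 2)
    rec = dict(KV_RE.findall(rest))
    rec["ts"], rec["kind"] = ts, kind
    return rec


def match_record(rec, iocs):
    """Return (family, confidence, indicator) for a record, or None if clean."""
    if rec["kind"] == "proxy":
        url = urlsplit(rec["url"])
        host = _norm_host(url.hostname or "")
        family = iocs["hosts"].get(host)
        if family is None:
            return None
        # A request to the extracted gate path is the strongest signal; any other
        # request to the same host still deserves a look.
        if url.path.startswith(iocs["paths"][host]):
            return (family, "high", rec["url"])
        return (family, "medium", host)
    if rec["kind"] == "dns":
        # Exact host only: the config names gate URLs, not whole zones.
        host = _norm_host(rec["query"])
        family = iocs["hosts"].get(host)
        return (family, "medium", host) if family else None
    if rec["kind"] == "conn":
        key = (rec["dst"], int(rec["dport"]))
        family = iocs["sockets"].get(key)
        if family:
            return (family, "high", "%s:%d" % key)
        family = iocs["ips"].get(rec["dst"])
        if family:
            return (family, "low", rec["dst"])
    return None


def scan(text, iocs=None):
    """Run every non-empty line through the matcher and collect hits in log order."""
    iocs = iocs or build_iocs()
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        found = match_record(rec, iocs)
        if found:
            family, confidence, indicator = found
            hits.append({"ts": rec["ts"], "src": rec["src"], "family": family,
                         "confidence": confidence, "indicator": indicator})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```

On the constructed input this yields six hits: the SmokeLoader gate POST and the off-path request to witra.ru, the RedLine and SystemBC sockets, the SystemBC address on port 443 at low confidence, and the upper-cased, trailing-dot DNS query for galala.ru. The subdomain query is deliberately not matched, because the extracted config names exact gate hosts; widen the DNS check to a suffix match only if your own hunting justifies it.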

Targets

Target: 30494b5207c38659e9589728923aee53b7b1d9a46b7d0865c3d260ba28827145
Size: 341KB
MD5: c731bf2eebc9d440935ddfb3ca749086
SHA1: b464c06b70bfb5731731bcf738fbd9d915a2ac19
SHA256: 30494b5207c38659e9589728923aee53b7b1d9a46b7d0865c3d260ba28827145
SHA512: 30db1cb3544b699fe8891adb98af69ceeaccdae5d0110b7e6981866903223d371dae03729cdf1bd8b691aa54a8ea780e06a5f0a5e266f1b14ba9946cc950ffd4

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger information class, which stops a debugger from receiving that thread's debug events; a common anti-analysis technique)