redline | 0c09b34c317c0a1c98dae029678d4ae7c9fac99584e8249bf9464074edced953 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

0c09b34c317c0a1c98dae029678d4ae7c9fac99584e8249bf9464074edced953
Size

341KB
Sample

211209-dgjzvacbbq
MD5

4cfd9d9ed77331de2c7bc4486785584d
SHA1

03f2c000753a358207643c6e7d9ef8b86225b8e5
SHA256

0c09b34c317c0a1c98dae029678d4ae7c9fac99584e8249bf9464074edced953
SHA512

863a11ea2ec6f71e463b324a7020344e3b1a9e55618eddf3bd365fcd163cd8227cdba6381e622656880cf34b2cf0326a9188c3086667467011c7674bcd6f2733

Score

10^/10

redline smokeloader systembc backdoor infostealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

0c09b34c317c0a1c98dae029678d4ae7c9fac99584e8249bf9464074edced953.exe

Resource

win10-en-20211208

redline smokeloader systembc backdoor infostealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32

rc4.i32

Extracted

Family

redline

C2

195.133.47.114:38627

Extracted

Family

systembc

C2

185.209.30.180:4001

Targets

- Target
  
  0c09b34c317c0a1c98dae029678d4ae7c9fac99584e8249bf9464074edced953
- Size
  
  341KB
- MD5
  
  4cfd9d9ed77331de2c7bc4486785584d
- SHA1
  
  03f2c000753a358207643c6e7d9ef8b86225b8e5
- SHA256
  
  0c09b34c317c0a1c98dae029678d4ae7c9fac99584e8249bf9464074edced953
- SHA512
  
  863a11ea2ec6f71e463b324a7020344e3b1a9e55618eddf3bd365fcd163cd8227cdba6381e622656880cf34b2cf0326a9188c3086667467011c7674bcd6f2733
Score

10^/10

redline smokeloader systembc backdoor infostealer suricata trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinesmokeloadersystembcbackdoorinfostealersuricatatrojan

© 2018-2024

Terms | Privacy