General
-
Target
ecc95feeb482af01eb5ed90d3a003dc4fac3e1d0d6e4627f9497fe83f87a2070
-
Size
218KB
-
Sample
211210-krt15afhd8
-
MD5
329096f5fae6abed39a7d88c40544c0a
-
SHA1
c47cecb7581b713d9c188f250792752d73b56d01
-
SHA256
ecc95feeb482af01eb5ed90d3a003dc4fac3e1d0d6e4627f9497fe83f87a2070
-
SHA512
39a175130232ce0c4d0cd96112dcb641abadad39f6d7ac7e072be53a2a8c3e6a9a42233ee5cd81b8c2537c35ca5bb059b903fef572746ee9975d0d1e349e3b8a
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Extracted
smokeloader
2020
http://rcacademy.at/upload/
http://e-lanpengeonline.com/upload/
http://vjcmvz.cn/upload/
http://galala.ru/upload/
http://witra.ru/upload/
Extracted
redline
195.133.47.114:38627
Targets
-
-
Target
ecc95feeb482af01eb5ed90d3a003dc4fac3e1d0d6e4627f9497fe83f87a2070
-
Size
218KB
-
MD5
329096f5fae6abed39a7d88c40544c0a
-
SHA1
c47cecb7581b713d9c188f250792752d73b56d01
-
SHA256
ecc95feeb482af01eb5ed90d3a003dc4fac3e1d0d6e4627f9497fe83f87a2070
-
SHA512
39a175130232ce0c4d0cd96112dcb641abadad39f6d7ac7e072be53a2a8c3e6a9a42233ee5cd81b8c2537c35ca5bb059b903fef572746ee9975d0d1e349e3b8a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies RDP port number used by Windows
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-