General
Target: 14e958e8f2ecd20ebe1a3bb32394d55d710f31a354f66c31a896fb48788b701e
Size: 171KB
Sample: 211215-pd81cahea3
MD5: c0c7acf8d97daee036c98c8f6f9ec516
SHA1: eeb59fc2f44b3365196f82fb91b347fa9ac65b46
SHA256: 14e958e8f2ecd20ebe1a3bb32394d55d710f31a354f66c31a896fb48788b701e
SHA512: 20ddfd298b16e6f90107215a6c4c700fb65715403059d280e0c3cc71f74319c9638173fe7e98c2b7b467403c88209bbdd7eb49e8a5d4a420e3df3571b9fa1032
Static task: static1
Behavioral task: behavioral1
Sample: 14e958e8f2ecd20ebe1a3bb32394d55d710f31a354f66c31a896fb48788b701e.exe
Resource: win10-en-20211208
Malware Config
Extracted: smokeloader, 2020
Extracted: icedid, 3372020928, jeliskvosh.com
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext