General
- Target: 01514d33e2e0650c3b92ec9ae0fe4b6c19dbdf0c2d5e261ea39c3a4e40f105c5
- Size: 291KB
- Sample: 211218-2337lsgeer
- MD5: 6741e95ef2990fbc17f89e79133034a5
- SHA1: 668a2b8e60198c1ad0e3bf5f826fcdbabc6d4b8d
- SHA256: 01514d33e2e0650c3b92ec9ae0fe4b6c19dbdf0c2d5e261ea39c3a4e40f105c5
- SHA512: 5c9a7f56bea929226395d8825c22acd8b2572331eb77bfb4962cf46696f63bf3fb8339842abc19623442e11df6ed2bc6069729baed421efc47214720729563d0
Static task: static1
Malware Config
Extracted: smokeloader, 2020
- http://rcacademy.at/upload/
- http://e-lanpengeonline.com/upload/
- http://vjcmvz.cn/upload/
- http://galala.ru/upload/
- http://witra.ru/upload/
Extracted: redline, 1
- 86.107.197.138:38133
Extracted: redline, 170
- 45.9.20.240:46257
Targets
- Target: 01514d33e2e0650c3b92ec9ae0fe4b6c19dbdf0c2d5e261ea39c3a4e40f105c5
- Size: 291KB
- MD5: 6741e95ef2990fbc17f89e79133034a5
- SHA1: 668a2b8e60198c1ad0e3bf5f826fcdbabc6d4b8d
- SHA256: 01514d33e2e0650c3b92ec9ae0fe4b6c19dbdf0c2d5e261ea39c3a4e40f105c5
- SHA512: 5c9a7f56bea929226395d8825c22acd8b2572331eb77bfb4962cf46696f63bf3fb8339842abc19623442e11df6ed2bc6069729baed421efc47214720729563d0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext