General
-
Target
2988763CE776FB8A9C79A2565384A30744CCCD114CDE7.exe
-
Size
3.4MB
-
Sample
220111-23d8gshhd9
-
MD5
6a9ecc2b12f245698396dadd31dd7e1f
-
SHA1
498a1e5ec1704d96c82e7b6228ac3ba37b9dbee7
-
SHA256
2988763ce776fb8a9c79a2565384a30744cccd114cde7ee49b71965396f41bc7
-
SHA512
76aa9bf2fee130eb06b71d56ec90bf018168f6fa00f599e8e387aec9c7ff442b27669811febb6a3d933a5cde117ee03cc41086db61cfe50b8e6e80ae1a4e5592
Malware Config
Extracted
smokeloader
2020
http://directorycart.com/upload/
http://tierzahnarzt.at/upload/
http://streetofcards.com/upload/
http://ycdfzd.com/upload/
http://successcoachceo.com/upload/
http://uhvu.cn/upload/
http://japanarticle.com/upload/
Extracted
redline
fucker2
135.181.129.119:4805
Extracted
redline
media18
91.121.67.60:2151
Targets
-
-
Target
2988763CE776FB8A9C79A2565384A30744CCCD114CDE7.exe
-
Size
3.4MB
-
MD5
6a9ecc2b12f245698396dadd31dd7e1f
-
SHA1
498a1e5ec1704d96c82e7b6228ac3ba37b9dbee7
-
SHA256
2988763ce776fb8a9c79a2565384a30744cccd114cde7ee49b71965396f41bc7
-
SHA512
76aa9bf2fee130eb06b71d56ec90bf018168f6fa00f599e8e387aec9c7ff442b27669811febb6a3d933a5cde117ee03cc41086db61cfe50b8e6e80ae1a4e5592
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-