General
- Target: be2217174a9927d8df6977aca91f733234854a7d58ea4a4379a6c5735a9200f1
- Size: 317KB
- Sample: 220125-pepyvsfgd9
- MD5: 651b565bf27de6c439c1c1071361b37a
- SHA1: 00bf67fd5775f80a14a0051bc295241c9e4c0b57
- SHA256: be2217174a9927d8df6977aca91f733234854a7d58ea4a4379a6c5735a9200f1
- SHA512: 6cbaa1e05e88ce967be7e7ae9c5aa5b6ab7cfce4b6bdd3e93550ee10a86336ef6f1d6ea1dff19172e8278791145e2e87ff6ec3f74815d3074655bac942f8b304
Static task: static1
Behavioral task: behavioral1
- Sample: be2217174a9927d8df6977aca91f733234854a7d58ea4a4379a6c5735a9200f1.exe
- Resource: win10v2004-en-20220112
Malware Config
Extracted: smokeloader
- 2020
- http://abpa.at/upload/
- http://emaratghajari.com/upload/
- http://d7qw.cn/upload/
- http://alumik-group.ru/upload/
- http://zamkikurgan.ru/upload/
- https://oakland-studio.video/search.php
- https://seattle-university.video/search.php
Extracted: redline
- 1
- 45.32.171.34:42954
Targets
- Target: be2217174a9927d8df6977aca91f733234854a7d58ea4a4379a6c5735a9200f1
- Size: 317KB
- MD5: 651b565bf27de6c439c1c1071361b37a
- SHA1: 00bf67fd5775f80a14a0051bc295241c9e4c0b57
- SHA256: be2217174a9927d8df6977aca91f733234854a7d58ea4a4379a6c5735a9200f1
- SHA512: 6cbaa1e05e88ce967be7e7ae9c5aa5b6ab7cfce4b6bdd3e93550ee10a86336ef6f1d6ea1dff19172e8278791145e2e87ff6ec3f74815d3074655bac942f8b304
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext