General

Target: 0da6fa4b335e835322515d0a96c88d6a133349d57560f.exe
Size: 234KB
Sample: 220312-zrzc6sbab6
MD5: c84fc9842b288932a1c1cc8f1371ea21
SHA1: 2e048768e866cb00596b3b6718956d0ff070f615
SHA256: 0da6fa4b335e835322515d0a96c88d6a133349d57560f476821d90e2477ffbeb
SHA512: 04eedd48ac09195da84eb9d7b7fb37a77f9ebc13cbb9f342a33e3d1e821536622ae90d3c29c2c76b68cb2076eea7f627e84b34a5fb4b5f6cd3924fa749be9a46
Static task: static1
Behavioral task: behavioral1
Sample: 0da6fa4b335e835322515d0a96c88d6a133349d57560f.exe
Resource: win7-20220310-en
Malware Config

Extracted: smokeloader
Version: 2020
C2 URLs:
http://coralee.at/upload/
http://ducvietcao.com/upload/
http://biz-acc.ru/upload/
http://toimap.com/upload/
http://bbb7d.com/upload/
http://piratia-life.ru/upload/
http://curvreport.com/upload/
http://viagratos.com/upload/
http://mordo.ru/upload/
http://pkodev.net/upload/

Extracted: redline
Botnet: ww
C2: 193.106.191.67:44400
auth_value: 5a1b28ccd05953f5c3f99729c12427cc

Extracted: raccoon
Botnet: ccba3157b9f42051adf38fbb8f5d0aca7f2b7366
url4cnc (dead-drop URLs, a Telegram channel plus HTTP mirrors, from which Raccoon fetches its actual C2 address; the Telegram domain itself is shared with legitimate traffic, so only the full URL is a usable indicator):
http://185.163.204.81/nui8xtgen
http://194.180.191.33/nui8xtgen
http://174.138.11.98/nui8xtgen
http://194.180.191.44/nui8xtgen
http://91.219.236.120/nui8xtgen
https://t.me/nui8xtgen
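The extracted configs above are the actionable part of this report. The script below, an added example and not part of the sandbox report or any extractor's code, flattens the three configs into a single indicator set and sweeps it over proxy log lines. The URLs, IPs and port are copied from the Malware Config section; the log lines and their "timestamp src_ip dst_host dst_port method url" layout are constructed, and the SHARED_HOSTS list (t.me must never become a bare-domain indicator) is an assumption of this example.

```python
"""Indicator set from this sample's extracted C2 config, swept over constructed
proxy log lines. Added example; config values are from the report, the log
lines and their format are constructed for the demonstration."""
import ipaddress
from urllib.parse import urlparse

EXTRACTED_CONFIG = {
    "smokeloader": {"c2": [
        "http://coralee.at/upload/",
        "http://ducvietcao.com/upload/",
        "http://biz-acc.ru/upload/",
        "http://toimap.com/upload/",
        "http://bbb7d.com/upload/",
        "http://piratia-life.ru/upload/",
        "http://curvreport.com/upload/",
        "http://viagratos.com/upload/",
        "http://mordo.ru/upload/",
        "http://pkodev.net/upload/",
    ]},
    "redline": {"c2": ["193.106.191.67:44400"],
                "botnet": "ww",
                "auth_value": "5a1b28ccd05953f5c3f99729c12427cc"},
    "raccoon": {"url4cnc": [
        "http://185.163.204.81/nui8xtgen",
        "http://194.180.191.33/nui8xtgen",
        "http://174.138.11.98/nui8xtgen",
        "http://194.180.191.44/nui8xtgen",
        "http://91.219.236.120/nui8xtgen",
        "https://t.me/nui8xtgen",
    ]},
}

# Assumption of this example: hosts shared with legitimate traffic. Only the
# full URL is emitted for them, never the bare domain, because Raccoon uses a
# Telegram channel as a dead-drop resolver and t.me is not malicious by itself.
SHARED_HOSTS = {"t.me"}


def _host_kind(host):
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "domain"


def build_indicators(config=EXTRACTED_CONFIG):
    """Flatten the config into {(kind, value): set(families)}.
    kinds: url, host_port, ip, domain. Values are lower-cased and URLs lose
    their trailing slash so log lines can be normalised the same way."""
    iocs = {}

    def add(kind, value, family):
        iocs.setdefault((kind, value.rstrip("/").lower()), set()).add(family)

    for family, fields in config.items():
        for key in ("c2", "url4cnc"):
            for item in fields.get(key, []):
                if "://" in item:
                    add("url", item, family)
                    host = (urlparse(item).hostname or "").lower()
                else:  # bare host:port, the form RedLine's C2 is recorded in
                    add("host_port", item, family)
                    host = item.rsplit(":", 1)[0].lower()
                if host and host not in SHARED_HOSTS:
                    add(_host_kind(host), host, family)
    return iocs


# Constructed proxy log lines: timestamp src_ip dst_host dst_port method url
LOG_LINES = [
    "2022-03-12T10:01:02Z 10.0.0.5 coralee.at 80 POST http://coralee.at/upload/",
    "2022-03-12T10:01:09Z 10.0.0.5 193.106.191.67 44400 CONNECT 193.106.191.67:44400",
    "2022-03-12T10:02:00Z 10.0.0.7 t.me 443 GET https://t.me/somechannel",
    "2022-03-12T10:02:30Z 10.0.0.7 t.me 443 GET https://t.me/nui8xtgen",
    "2022-03-12T10:03:00Z 10.0.0.9 example.com 443 GET https://example.com/",
]


def sweep(lines, iocs):
    """Return [(line_no, sorted families, matched indicators)] for hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed line: skip it rather than abort the sweep
        _ts, _src, host, port, _method, url = fields
        host = host.lower()
        candidates = [
            ("url", url.rstrip("/").lower()),
            ("host_port", f"{host}:{port}"),
            (_host_kind(host), host),
        ]
        matched = [c for c in candidates if c in iocs]
        if matched:
            families = set().union(*(iocs[c] for c in matched))
            hits.append((n, sorted(families), matched))
    return hits


if __name__ == "__main__":
    for n, families, matched in sweep(LOG_LINES, build_indicators()):
        print(f"line {n}: {','.join(families)} via {matched}")
```

The third log line (a visit to another Telegram channel) produces no hit, which is the point of SHARED_HOSTS; the RedLine line matches on both the raw IP and the host:port pair, so it is caught even when the proxy records a bare CONNECT with no URL.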
Targets

Target: 0da6fa4b335e835322515d0a96c88d6a133349d57560f.exe (234KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view and the HKCU counterpart) to enumerate software on the system.
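The last signature fires on registry reads, which matters for anyone trying to reproduce it outside the sandbox. The script below is an added example, not the sandbox's own signature code: it replays the check over a constructed API trace, counting how many product subkeys under the Uninstall key a process touches and whether it enumerates the key at all. The "<pid> <api> <key path> [value]" trace format, the trace lines themselves and the threshold of three subkeys are assumptions of this example.

```python
"""Replay of the 'Checks installed software' signature over a constructed
API trace: flag a process that enumerates the Windows Uninstall key.
Added example, not the sandbox's own signature code."""
import re

# The Uninstall key in its usual locations: HKLM (64-bit view), the
# WOW6432Node 32-bit view, and HKCU for per-user installs. Each subkey is one
# installed product; its DisplayName/DisplayVersion values are what gets read.
UNINSTALL_KEY = re.compile(
    r"(?:HKEY_LOCAL_MACHINE|HKLM|HKEY_CURRENT_USER|HKCU)\\SOFTWARE\\"
    r"(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall"
    r"(?:\\(?P<sub>[^\\\s]+))?",
    re.IGNORECASE,
)

# Constructed trace lines in an assumed "<pid> <api> <key path> [value]" layout.
# pid 1234 walks the key like a stealer; pid 5678 only opens one product's
# subkey, the way an installer checks whether it is already present.
TRACE = [
    r"1234 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"1234 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA0001}",
    r"1234 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA0001} DisplayName",
    r"1234 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA0002}",
    r"1234 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA0003} DisplayName",
    r"1234 RegQueryValueExW HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"5678 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA0002}",
    r"5678 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA0002} DisplayVersion",
]


def analyse(trace, min_subkeys=3):
    """Per pid: the product subkeys touched under Uninstall, whether the key was
    enumerated with a RegEnumKey* call, and a flag. A process that only opens a
    single product subkey stays below the threshold unless it enumerates."""
    per_pid = {}
    for line in trace:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # not a registry line in the assumed layout
        pid, api, rest = parts
        m = UNINSTALL_KEY.search(rest)
        if not m:
            continue  # some other key (e.g. Run); not part of this check
        rec = per_pid.setdefault(pid, {"subkeys": set(), "enumerates": False})
        if api.startswith("RegEnumKey"):
            rec["enumerates"] = True
        if m.group("sub"):
            rec["subkeys"].add(m.group("sub").lower())
    return {
        pid: dict(rec, flag=rec["enumerates"] or len(rec["subkeys"]) >= min_subkeys)
        for pid, rec in per_pid.items()
    }


if __name__ == "__main__":
    for pid, rec in analyse(TRACE).items():
        print(pid, "FLAG" if rec["flag"] else "ok", sorted(rec["subkeys"]))
```

Note for endpoint telemetry: Sysmon registry events (IDs 12, 13 and 14) cover key creation, value writes and renames, not reads, so this behaviour is only visible in an API trace like the sandbox's or, on a live host, through a SACL on the Uninstall key with Object Access auditing (Security event 4663).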