General
Target: df689aafc37fe83d1f76984911e4d6c2.exe
Size: 264KB
Sample: 220322-vkq11agda6
MD5: df689aafc37fe83d1f76984911e4d6c2
SHA1: e90bd78e5e110fe2d306ecc8e8cadf19de78564c
SHA256: 4ff32cd7d9a37a73d8c836a7c5a32792281e46b3f2d8a17fd535a4c90fe65680
SHA512: 435fd573b94e4fc3c53bc5d7bf56a3e83a434da4c60a7bc960f572afbf726c00c916dab41e342b2b473b5d61a99679728f478d623a0fc7b987c6b78c8f87e4aa
Static task: static1
Behavioral task: behavioral1
  Sample: df689aafc37fe83d1f76984911e4d6c2.exe
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: df689aafc37fe83d1f76984911e4d6c2.exe
  Resource: win10v2004-20220310-en
Malware Config
Extracted: smokeloader
  2020
  http://coralee.at/upload/
  http://ducvietcao.com/upload/
  http://biz-acc.ru/upload/
  http://toimap.com/upload/
  http://bbb7d.com/upload/
  http://piratia-life.ru/upload/
  http://curvreport.com/upload/
  http://viagratos.com/upload/
  http://mordo.ru/upload/
  http://pkodev.net/upload/
  http://ghahantellorb.com/
  http://hasarcyaionex.shop/
Extracted: redline
  1
  62.204.41.199:30941
  auth_value: 233d7744d392476aad9c7ac20cda7c2e
Targets
Target: df689aafc37fe83d1f76984911e4d6c2.exe
Size: 264KB
MD5: df689aafc37fe83d1f76984911e4d6c2
SHA1: e90bd78e5e110fe2d306ecc8e8cadf19de78564c
SHA256: 4ff32cd7d9a37a73d8c836a7c5a32792281e46b3f2d8a17fd535a4c90fe65680
SHA512: 435fd573b94e4fc3c53bc5d7bf56a3e83a434da4c60a7bc960f572afbf726c00c916dab41e342b2b473b5d61a99679728f478d623a0fc7b987c6b78c8f87e4aa
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext