General
- Target: 487eb4d42bee52098d2375e5d04e86f85c9addf15d2a969e5b7e61ef127340cb
- Size: 528KB
- Sample: 220415-rft1bacggn
- MD5: 0a812a69a1080234c0a1c9f92512be4d
- SHA1: 2865d6f4bf0dcfbc971f4d96bd1048534e0e18c5
- SHA256: 487eb4d42bee52098d2375e5d04e86f85c9addf15d2a969e5b7e61ef127340cb
- SHA512: a021786d2e2a5b983fbbed5e54013ccc3ac7926a6f9a12ff06d20e72e779698e5f17eeb73fbef77b3bcca3a1530be6ff6284e0b1a68fe4d939ddaed3cf1790a2
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 487eb4d42bee52098d2375e5d04e86f85c9addf15d2a969e5b7e61ef127340cb.exe
  - Resource: win10-20220414-en

Malware Config
- Extracted: smokeloader (2020)
  - http://hydroxychl0roquine.xyz/
  - https://hydroxychl0roquine.xyz/
- Extracted: redline
  - @ChelnEvreya
  - 46.8.220.88:65531
  - auth_value: d24bb0cd8742d0e0fba1abfab06e4005

Targets
- Target: 487eb4d42bee52098d2375e5d04e86f85c9addf15d2a969e5b7e61ef127340cb
- Size: 528KB
- MD5: 0a812a69a1080234c0a1c9f92512be4d
- SHA1: 2865d6f4bf0dcfbc971f4d96bd1048534e0e18c5
- SHA256: 487eb4d42bee52098d2375e5d04e86f85c9addf15d2a969e5b7e61ef127340cb
- SHA512: a021786d2e2a5b983fbbed5e54013ccc3ac7926a6f9a12ff06d20e72e779698e5f17eeb73fbef77b3bcca3a1530be6ff6284e0b1a68fe4d939ddaed3cf1790a2

Signatures
- Meta Stealer (Stealer): Meta Stealer steals passwords stored in browsers; it is written in C++.
- Modifies WinLogon for persistence
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext