General
-
Target
3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
-
Size
2.5MB
-
Sample
220511-tky6yafbhq
-
MD5
13800c4c4b17846988cbae61dd120965
-
SHA1
d2e7498c166690afec1554daf6b4f721c485f0e2
-
SHA256
3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
-
SHA512
160f89940c0a120cda0e5aa9bf362ed124c2d920f295edd45ff88b1b5b1b890d7dc792362fdaad9cb3cca3dc2fe6feb379c42893b126c14f79fb3e0d4b1bc411
Static task
static1
Behavioral task
behavioral1
Sample
3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2020
http://agressivemnaiq.xyz/
https://agressivemnaiq.xyz/
Extracted
redline
MixW
94.130.222.120:29240
-
auth_value
13e177d0765ee6b55bd8c1f11560c773
Extracted
redline
us
94.130.222.120:29240
-
auth_value
521267bd2f00cb305e87075b05d009f9
Targets
-
-
Target
3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
-
Size
2.5MB
-
MD5
13800c4c4b17846988cbae61dd120965
-
SHA1
d2e7498c166690afec1554daf6b4f721c485f0e2
-
SHA256
3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
-
SHA512
160f89940c0a120cda0e5aa9bf362ed124c2d920f295edd45ff88b1b5b1b890d7dc792362fdaad9cb3cca3dc2fe6feb379c42893b126c14f79fb3e0d4b1bc411
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-