redline | 3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
Size

2.5MB
Sample

220511-tky6yafbhq
MD5

13800c4c4b17846988cbae61dd120965
SHA1

d2e7498c166690afec1554daf6b4f721c485f0e2
SHA256

3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
SHA512

160f89940c0a120cda0e5aa9bf362ed124c2d920f295edd45ff88b1b5b1b890d7dc792362fdaad9cb3cca3dc2fe6feb379c42893b126c14f79fb3e0d4b1bc411

Score

10^/10

redline smokeloader mixw us backdoor evasion infostealer suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db.exe

Resource

win10v2004-20220414-en

redline smokeloader mixw us backdoor evasion infostealer suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://agressivemnaiq.xyz/

https://agressivemnaiq.xyz/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

MixW

C2

94.130.222.120:29240

Attributes

auth_value
13e177d0765ee6b55bd8c1f11560c773

Extracted

Family

redline

Botnet

us

C2

94.130.222.120:29240

Attributes

auth_value
521267bd2f00cb305e87075b05d009f9

Targets

- Target
  
  3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
- Size
  
  2.5MB
- MD5
  
  13800c4c4b17846988cbae61dd120965
- SHA1
  
  d2e7498c166690afec1554daf6b4f721c485f0e2
- SHA256
  
  3ac5b457aab7d676c96e0c446ab1ca8cc374c1b4129f08009055263fd6fd91db
- SHA512
  
  160f89940c0a120cda0e5aa9bf362ed124c2d920f295edd45ff88b1b5b1b890d7dc792362fdaad9cb3cca3dc2fe6feb379c42893b126c14f79fb3e0d4b1bc411
Score

10^/10

redline smokeloader mixw us backdoor evasion infostealer suricata trojan upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesmokeloadermixwusbackdoorevasioninfostealersuricatatrojanupx

© 2018-2024

Terms | Privacy