General
-
Target
8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
-
Size
1.4MB
-
Sample
220514-vbbvqadbfj
-
MD5
9909c471f3ce6914389f62d58fa6aa43
-
SHA1
309be41081b2b05ec1d2e936f5cc2880d4c28391
-
SHA256
8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
-
SHA512
3d4791869810665bef2782025c4330b71d5fb41b8110857c2bcb2b2832ae93bdf2b3f49edee27d4501145ba6139296ec053071db22fe75f45f6209bab618c7ef
Static task
static1
Behavioral task
behavioral1
Sample
8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3.exe
Resource
win10-20220414-en
Malware Config
Extracted
smokeloader
2020
http://motionberry999xerz.ru/
http://happyday9risce.com/
http://kokihap7siexz3.com/
https://motionberry999xerz.ru/
https://happyday9risce.com/
https://kokihap7siexz3.com/
Extracted
redline
test1
23.88.112.179:19536
-
auth_value
68c6114f4d4c471ad88677f54e75676f
Targets
-
-
Target
8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
-
Size
1.4MB
-
MD5
9909c471f3ce6914389f62d58fa6aa43
-
SHA1
309be41081b2b05ec1d2e936f5cc2880d4c28391
-
SHA256
8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
-
SHA512
3d4791869810665bef2782025c4330b71d5fb41b8110857c2bcb2b2832ae93bdf2b3f49edee27d4501145ba6139296ec053071db22fe75f45f6209bab618c7ef
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-