redline | 8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
Size

1.4MB
Sample

220514-vbbvqadbfj
MD5

9909c471f3ce6914389f62d58fa6aa43
SHA1

309be41081b2b05ec1d2e936f5cc2880d4c28391
SHA256

8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
SHA512

3d4791869810665bef2782025c4330b71d5fb41b8110857c2bcb2b2832ae93bdf2b3f49edee27d4501145ba6139296ec053071db22fe75f45f6209bab618c7ef

Score

10^/10

redline smokeloader test1 backdoor collection infostealer persistence spyware suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3.exe

Resource

win10-20220414-en

redline smokeloader test1 backdoor collection infostealer persistence spyware suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://motionberry999xerz.ru/

http://happyday9risce.com/

http://kokihap7siexz3.com/

https://motionberry999xerz.ru/

https://happyday9risce.com/

https://kokihap7siexz3.com/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

test1

C2

23.88.112.179:19536

Attributes

auth_value
68c6114f4d4c471ad88677f54e75676f

Targets

- Target
  
  8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
- Size
  
  1.4MB
- MD5
  
  9909c471f3ce6914389f62d58fa6aa43
- SHA1
  
  309be41081b2b05ec1d2e936f5cc2880d4c28391
- SHA256
  
  8502f7db79a06b2327d4894e79d7936cad1d42b45589f1938cbac8506a4624e3
- SHA512
  
  3d4791869810665bef2782025c4330b71d5fb41b8110857c2bcb2b2832ae93bdf2b3f49edee27d4501145ba6139296ec053071db22fe75f45f6209bab618c7ef
Score

10^/10

redline smokeloader test1 backdoor collection infostealer persistence spyware suricata trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Email Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesmokeloadertest1backdoorcollectioninfostealerpersistencespywaresuricatatrojan

© 2018-2024

Terms | Privacy