Extracted

Extracted

Extracted

• • Target

    7FA0FC4B901FF3BB9002F33B4A7F0A01AEF10F36C8304.exe

  • Size

    30KB

  • MD5

    0d7eb2137c2d696071df27cc6a601a5a

  • SHA1

    f3e487886630e0729fb4b4967cd11c2ee0daa989

  • SHA256

    7fa0fc4b901ff3bb9002f33b4a7f0a01aef10f36c8304d26cdbf0934a9fd816f

  • SHA512

    1b6f45cd581d3cd8292d8b97b840473eddb5239ce07037a8d34cf1530dc6c35613591e1d06f56453b50060d0df8d6066cc675a8cde3018220547597515e8f662

  • SSDEEP

    768:8t6+ztmVfbHmHS8/ckpKd75wiqjUKPO6AAb3vM8pYwA:2ztmJbHmHT/zKdVwigUAAK3qw

  Score

  10^/10

  smokeloaderbackdoortrojanglobeimposterredline0025infostealerpersistenceransomware

  • Detects Smokeloader packer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2