redline | fe7a13d4f8685767fee1cba9fe64ae0ffe1ff8ef75e7bf0bacedc0bfadea65b8 | Triage

Submit
Reports

Overview

overview

Static

static

1ae760410d...2b.exe

windows7-x64

1ae760410d...2b.exe

windows10-2004-x64

Sharing

General

Target

1ae760410db891cd647e661a2264f82b.exe
Size

153KB
Sample

220927-gh31wsdgbq
MD5

1ae760410db891cd647e661a2264f82b
SHA1

46384d15566ce7331d56dd2686f922ad58cc5fc6
SHA256

fe7a13d4f8685767fee1cba9fe64ae0ffe1ff8ef75e7bf0bacedc0bfadea65b8
SHA512

98ac00c9ffede21b10630b09cdaf07b9c75a482aa40c4696a24fdb07aca9a46923988289e1c3cdeaa7666e2bb2707c7a8f99e40382bd15dfeb633fb8078664e6
SSDEEP

3072:holVdhTF5WcSxMfSJwhzQOjt3c1M3PMGI8Lr7UJ6UBC9EEz5B:2doBCfSuhzQwQMLNLr7PD

Score

10^/10

redline smokeloader 11 install backdoor discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1ae760410db891cd647e661a2264f82b.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ae760410db891cd647e661a2264f82b.exe

Resource

win10v2004-20220901-en

redline smokeloader 11 install backdoor discovery infostealer spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

11

C2

77.73.134.27:7161

Attributes

auth_value
e6aadafed1fda7723d7655a5894828d2

Extracted

Family

redline

Botnet

install

C2

212.8.244.233:43690

Attributes

auth_value
cbce7277fef2185d93b8332df3940ad5

Targets

- Target
  
  1ae760410db891cd647e661a2264f82b.exe
- Size
  
  153KB
- MD5
  
  1ae760410db891cd647e661a2264f82b
- SHA1
  
  46384d15566ce7331d56dd2686f922ad58cc5fc6
- SHA256
  
  fe7a13d4f8685767fee1cba9fe64ae0ffe1ff8ef75e7bf0bacedc0bfadea65b8
- SHA512
  
  98ac00c9ffede21b10630b09cdaf07b9c75a482aa40c4696a24fdb07aca9a46923988289e1c3cdeaa7666e2bb2707c7a8f99e40382bd15dfeb633fb8078664e6
- SSDEEP
  
  3072:holVdhTF5WcSxMfSJwhzQOjt3c1M3PMGI8Lr7UJ6UBC9EEz5B:2doBCfSuhzQwQMLNLr7PD
Score

10^/10

smokeloader backdoor trojan redline 11 install discovery infostealer spyware stealer
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

redlinesmokeloader11installbackdoordiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy