General
-
Target
f3cb29bb67f1de017a26a26509b3f72d3538797eb11ff931e16a2cb5353f6950
-
Size
318KB
-
Sample
220927-l3t1yadbf4
-
MD5
7cfee8113fa2c2d43b06cc8ca10aaf8b
-
SHA1
3783e47444f0f874f6e37b96c4fbd6cc9e3ac9fa
-
SHA256
f3cb29bb67f1de017a26a26509b3f72d3538797eb11ff931e16a2cb5353f6950
-
SHA512
153de35e76969f20336228b53fa9f9d7ac044e38e0ed080631961365f57c74ddcf49a8e6ba88b82594aeca6d30da9dbc7e227e163ee8d52dda3c0270ba272795
-
SSDEEP
3072:41XPJ2BYF7zQb125/gKT8L6+/BxfZVGX9k0KVIvzgUM/h3BsxkgaBChU/pZa9uD5:4xQTbAJ8L6+/3k9k0KIvz/nigabwVf
Malware Config
Extracted
redline
11
77.73.134.27:7161
-
auth_value
e6aadafed1fda7723d7655a5894828d2
Targets
-
-
Target
f3cb29bb67f1de017a26a26509b3f72d3538797eb11ff931e16a2cb5353f6950
-
Size
318KB
-
MD5
7cfee8113fa2c2d43b06cc8ca10aaf8b
-
SHA1
3783e47444f0f874f6e37b96c4fbd6cc9e3ac9fa
-
SHA256
f3cb29bb67f1de017a26a26509b3f72d3538797eb11ff931e16a2cb5353f6950
-
SHA512
153de35e76969f20336228b53fa9f9d7ac044e38e0ed080631961365f57c74ddcf49a8e6ba88b82594aeca6d30da9dbc7e227e163ee8d52dda3c0270ba272795
-
SSDEEP
3072:41XPJ2BYF7zQb125/gKT8L6+/BxfZVGX9k0KVIvzgUM/h3BsxkgaBChU/pZa9uD5:4xQTbAJ8L6+/3k9k0KIvz/nigabwVf
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-