Extracted

• • Target

    e41ad88438135bf0b2189701de819be1.exe

  • Size

    213KB

  • MD5

    e41ad88438135bf0b2189701de819be1

  • SHA1

    95de6449d3b39f8e5024456909c867db18f8a72b

  • SHA256

    cd3a2b42f2d770f1f870b2e3be9d0a5262b8038d65e6f95a1e63bed333150db5

  • SHA512

    3cee47029aa2fde04e16f964a5d0c661a623bf6a3a954f30d90ead3859ae4d02c997184d929ba66712b67731cdd17cd664f620ca16241ac04c58e16aea500515

  • SSDEEP

    3072:yXp4AqLOlFA/gtXw4Q5VgHnk9pIZ/cs95SSYPmEpZ0KPDUX56o:ycLOlFPwtgHk9pIpLSSsZ0bo

  Score

  10^/10

  smokeloaderbackdoortrojanredline535discoveryinfostealerspywarestealer

  • Detects Smokeloader packer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2