Extracted

Extracted

Extracted

Extracted

• • Target

    78b2113b32daf795d61b84a188f02b21ffe918f1381f2307f4dddab86b3153df

  • Size

    255KB

  • MD5

    c1ab42e4fc20768f0e231ca62dad1bdc

  • SHA1

    021c492adc3f75ef0e01661d6fd72ec11e246e98

  • SHA256

    78b2113b32daf795d61b84a188f02b21ffe918f1381f2307f4dddab86b3153df

  • SHA512

    a01ea63e2cc842ec79a10fb56e0f5ad93fad1e809fa120787b078c92eec23bea5b355fd4df68b74a90744706732515ee348964df3ccfaeeaa2b543f6df075d39

  • SSDEEP

    3072:KUXVf2FsKLuSghVB5jF8jR2PkL9UWryshqNFXERCIBfotQPlmjfJ9T:J4NLinB5jFFPO95U8R0t5jDT

  Score

  10^/10

  redlinesmokeloaderfotegoogle2nam7slovarik15btcbackdoordiscoveryinfostealerspywarestealertrojanupx

  • Detects Smokeloader packer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1