Extracted

Extracted

• • Target

    ed57896c997e7bcfce0a5cd13d1107ee3ea4e1b2f8eb8183eaa7de85b7c70d06.exe

  • Size

    259KB

  • MD5

    ae1d34fef8efe214c82222ebbe69651b

  • SHA1

    6cde32b7080c7f655fe66c5b5fb178ccfd985225

  • SHA256

    ed57896c997e7bcfce0a5cd13d1107ee3ea4e1b2f8eb8183eaa7de85b7c70d06

  • SHA512

    b0f7705e62cc1d2c97d51148e4d815e7eba4b97d3eb4e71b6d79d939175895ac6d45fe7ab8a19d13273338ce4e9680209cb5a027703e0fea438d54df5fbfb7e4

  • SSDEEP

    3072:HXOTHLaL+gAx3TSG1mj5VI9HdXDyWRto0x4+ablErtV7d5PmLDedNaFGM/h3m:3YHOL+fTt1SIBdX/oi+irtV7d4ON4G

  Score

  10^/10

  smokeloaderbackdoortrojanredlinegoogle2slovarik15btcinfostealerspyware

  • Detects Smokeloader packer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2