Extracted

Extracted

Extracted

• • Target

    1d5f939ef6b4cb7357a901fea27ff51c41a7ada4935d02d5e6e214563e2a54ba.exe

  • Size

    292KB

  • MD5

    61bcb011b4e4a5fca5af9d570a319055

  • SHA1

    9f1ff2953e1c0fac624b5deae1deb7885ea2c873

  • SHA256

    1d5f939ef6b4cb7357a901fea27ff51c41a7ada4935d02d5e6e214563e2a54ba

  • SHA512

    f27057bb8d09876229634e87d03b9ac92a1f6b63e2bb6edc1a4f4593ec514ec1f4ab4e3013652b813126872e660bee62ee758a3d24223db16f7890ef5fe3a7d5

  • SSDEEP

    6144:wlprYLdM2a+ZmQPWA4rwTv5qv6TLAI4q:wlprY5MHraLL5qv6fA

  Score

  10^/10

  smokeloaderbackdoortrojaneternityredline@redlinevip cloud (tg: @fatherofcarders)collectiondiscoveryinfostealerspywarestealer

  • Detects Smokeloader packer

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2