General
-
Target
d451df805c8d8ba70983cc3f52c316c8ad5289d1b7afdd924d57294d97d9dc07
-
Size
146KB
-
Sample
221126-l6k77scc6w
-
MD5
ea74ea3c5a5587604070ed87cb474fd5
-
SHA1
d1573ebcfdce53a347a61641b640fb8e4f8b588e
-
SHA256
d451df805c8d8ba70983cc3f52c316c8ad5289d1b7afdd924d57294d97d9dc07
-
SHA512
5ebbfdc886d9a7a2299f1db2959588761132275c8ecbdc4f5c000cc94809574d90cd6f1bdc1494bd28a886c8efea39d99875a8333dc71b3536fefc86950aa65a
-
SSDEEP
3072:PeMo2kahMhsh5ezLFkGGJ2z+YcklloDgx6Q0k:1opahMh5eGGJA+ocDgxD
Malware Config
Extracted
redline
KRIPT
212.8.246.157:32348
-
auth_value
80ebe4bab7a98a7ce9c75989ff9f40b4
Extracted
redline
79.137.192.9:19788
-
auth_value
893f96bcbb13a0a44692475d92c48cfc
Targets
-
-
Target
d451df805c8d8ba70983cc3f52c316c8ad5289d1b7afdd924d57294d97d9dc07
-
Size
146KB
-
MD5
ea74ea3c5a5587604070ed87cb474fd5
-
SHA1
d1573ebcfdce53a347a61641b640fb8e4f8b588e
-
SHA256
d451df805c8d8ba70983cc3f52c316c8ad5289d1b7afdd924d57294d97d9dc07
-
SHA512
5ebbfdc886d9a7a2299f1db2959588761132275c8ecbdc4f5c000cc94809574d90cd6f1bdc1494bd28a886c8efea39d99875a8333dc71b3536fefc86950aa65a
-
SSDEEP
3072:PeMo2kahMhsh5ezLFkGGJ2z+YcklloDgx6Q0k:1opahMh5eGGJA+ocDgxD
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-