Extracted

• • Target

    e25db0eb17bccfa11e4f7f0d5b691fab83c7efdeefe75b03de9e3886c23696cd

  • Size

    150KB

  • MD5

    87d4454cc42b3eb865bf415437df2968

  • SHA1

    da84bbeeae9569f47db915dd58e6fa6565c37f5a

  • SHA256

    e25db0eb17bccfa11e4f7f0d5b691fab83c7efdeefe75b03de9e3886c23696cd

  • SHA512

    b55dc7f1d2a458e28757190a2a48a72f2fe636d407e44c0cd71ae5bb4e780e78e26595b52b7bd2df5a9d120d97e1b774495280ba1ff50b66b0352113dfe72b05

  • SSDEEP

    3072:Uh/GSwqrb25E2lO7z5bEXa9DiqA2Dcc21d7YC2/3L5gw:MGiIZlOWXgiqAOsDY//bz

  Score

  10^/10

  redlinesmokeloadernewlogsbackdoorinfostealerspywaretrojan

  • Detects Smokeloader packer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1