General
-
Target
3f86783d2ddf9e96758c2a3acbb22579013a3ed4bd28eb57232f67627b9edec6
-
Size
264KB
-
Sample
221207-xefn7aag4s
-
MD5
2160bf25d7e5e4ad5f2c807c3d6e05db
-
SHA1
0ce94d40d263e7ac691c43bbde7fd1b279948341
-
SHA256
3f86783d2ddf9e96758c2a3acbb22579013a3ed4bd28eb57232f67627b9edec6
-
SHA512
88111940e43722f8c0c1da8e76b0f78095fa273350d29ffacfb83750681d9ba9c714e1f312d4851f7bbe6904a1d97eb30a9fec65b62f0074ca7062a0f416bc26
-
SSDEEP
3072:cO4smRa0RWanfUgv5dI5QBW+2+EaJ/KYdxBeVdS9RIlf3:vGfDI5QVEaJnduOilf
Malware Config
Extracted
redline
YT
65.21.5.58:48811
-
auth_value
fb878dde7f3b4ad1e1bc26d24db36d28
Targets
-
-
Target
3f86783d2ddf9e96758c2a3acbb22579013a3ed4bd28eb57232f67627b9edec6
-
Size
264KB
-
MD5
2160bf25d7e5e4ad5f2c807c3d6e05db
-
SHA1
0ce94d40d263e7ac691c43bbde7fd1b279948341
-
SHA256
3f86783d2ddf9e96758c2a3acbb22579013a3ed4bd28eb57232f67627b9edec6
-
SHA512
88111940e43722f8c0c1da8e76b0f78095fa273350d29ffacfb83750681d9ba9c714e1f312d4851f7bbe6904a1d97eb30a9fec65b62f0074ca7062a0f416bc26
-
SSDEEP
3072:cO4smRa0RWanfUgv5dI5QBW+2+EaJ/KYdxBeVdS9RIlf3:vGfDI5QVEaJnduOilf
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-