redline | ef4f930c7c20469b2e487e60f670795938458002b376a92abb64a87601d77826 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49
Size

140KB
Sample

221224-z7y3cadh2s
MD5

0132b2a24e22cb74246bc14f3d58f418
SHA1

088955862f37b00cede4e1b63a1c7e49653b12b0
SHA256

ef4f930c7c20469b2e487e60f670795938458002b376a92abb64a87601d77826
SHA512

c657cbcf7c7b76dfc99075659b4b88f9658295c33df9064f706efaee969ea530df2cafc7c1083fd91492aff2d0718751201c48d5e793ec2967698e75d3e935e8
SSDEEP

3072:sIkimGAPYI3y213LbAVwh9rXCnNRAXuHP2Q2xzDxAqmgaQMp0WmN6PIW0:sAmGmYIL13ngwhtSn4+h2xZjlnNWmN6Y

Score

10^/10

redline smokeloader bundle2 backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

bundle2

C2

65.21.5.58:24911

Attributes

auth_value
d9f9d4528fe5d7d9b08b5ca49403aef0

Targets

- Target
  
  842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49
- Size
  
  223KB
- MD5
  
  bfbfca5f9c558bf3171f999ba3459d12
- SHA1
  
  ced296dd2fa34b9b52cdb01e238af34dd8414399
- SHA256
  
  842f4b4369331da215a52c5af21720d30d799557e41e493892f76078c18a4b49
- SHA512
  
  59150c481eb0544897b09c53f52cd00f1068f410234c947ab24e96948713d6fb129ac01a98a747d84d918003555c7177e1cf40abd1cb099e2fb0d43ec0ca72a1
- SSDEEP
  
  3072:WDwILGHLb55+98kVwAgmv9LKxW42MLauDgI7H4f/ln:qLGrfkgm1XMLaMgIS
Score

10^/10

smokeloader backdoor trojan redline bundle2 infostealer spyware
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

redlinesmokeloaderbundle2backdoorinfostealerspywaretrojan