General
-
Target
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
Size
139KB
-
Sample
221225-1a7hwscb35
-
MD5
f0e970cacc1279501deb0beadadd84ad
-
SHA1
be76d5dbfa35cb21be33ef802fc4586447f8c129
-
SHA256
892d50a163bac4073235a46a2f7b713e65c24f3dbcc77d830a2f327c52241a3a
-
SHA512
e242d3e96020fd63c6392d6449a7ad8ad6b3fa80e296adbfc808bcffaaa06d6213ebdd3f425248da0964b66b8fef89dc7b3f0e57a5da0d4fe554e374b569ad6a
-
SSDEEP
3072:p2IgLk2F014lAeupTZqTE8wZhJMAqkbeJ7aj3D:p23l+1YAPTNJneJ7a
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
Size
231KB
-
MD5
a5f5f37a1847dfb887afe130c5838633
-
SHA1
3ffdfe8a0a11303521f287888e0b8669d88433da
-
SHA256
bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26
-
SHA512
ffb2e678256ea987eb2c462df2bf4f4e04958bcd37d56a717290da6dc1c12061f84f8b6f303aa593191b15c463a4650962e1d0cadfca5f64b02c73af215cceb7
-
SSDEEP
3072:Rbud1LNTJc5Hm7Gs4V2GEl6pAT23tJ/NewSw7RkxmJZs:R4LVJom7DGndJ/EDGymI
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation