Overview

overview

10

Static

static

bd208b56f6...26.exe

windows7-x64

10

bd208b56f6...26.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26

  • Size

    139KB

  • Sample

    221225-1a7hwscb35

  • MD5

    f0e970cacc1279501deb0beadadd84ad

  • SHA1

    be76d5dbfa35cb21be33ef802fc4586447f8c129

  • SHA256

    892d50a163bac4073235a46a2f7b713e65c24f3dbcc77d830a2f327c52241a3a

  • SHA512

    e242d3e96020fd63c6392d6449a7ad8ad6b3fa80e296adbfc808bcffaaa06d6213ebdd3f425248da0964b66b8fef89dc7b3f0e57a5da0d4fe554e374b569ad6a

  • SSDEEP

    3072:p2IgLk2F014lAeupTZqTE8wZhJMAqkbeJ7aj3D:p23l+1YAPTNJneJ7a

Score
10/10
redlinesmokeloader11backdoorinfostealerspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26

    • Size

      231KB

    • MD5

      a5f5f37a1847dfb887afe130c5838633

    • SHA1

      3ffdfe8a0a11303521f287888e0b8669d88433da

    • SHA256

      bd208b56f6151e54b8582e66e8304e5e72e6dfcd046e2a82d482b191ae884c26

    • SHA512

      ffb2e678256ea987eb2c462df2bf4f4e04958bcd37d56a717290da6dc1c12061f84f8b6f303aa593191b15c463a4650962e1d0cadfca5f64b02c73af215cceb7

    • SSDEEP

      3072:Rbud1LNTJc5Hm7Gs4V2GEl6pAT23tJ/NewSw7RkxmJZs:R4LVJom7DGndJ/EDGymI

    Score
    10/10
    smokeloaderbackdoortrojanredline11infostealerspyware

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks