General
-
Target
f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
-
Size
140KB
-
Sample
221225-s6jspseg8v
-
MD5
eac9bec223e2b02ba1af2db24c66adc0
-
SHA1
d005178fffb5e9deab2ca0cc5433065ae7697f59
-
SHA256
6e243544f7cb2d53b0724bba7fa75a14022d8c2515dce015bd2cb43a13c452a8
-
SHA512
54e3685931f5570b36d67d34a7773f059c1fd905f11fc310e3504a8691bffbd85ec2e2cd85e3b7e5d8bf2e1250796da867693d3ca9c5f1cf38255de3e9f9ed84
-
SSDEEP
3072:9kEvx3l6xO3EGFdDgUNS5stO7J0xNdhrWur8gRrlf:CapT3EmdDDNS5+O7wRrNr8Slf
Malware Config
Extracted
redline
11
79.137.202.18:45218
-
auth_value
107e09eee63158d2488feb03dac75204
Targets
-
-
Target
f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
-
Size
232KB
-
MD5
612690d2d2a6c5aec8e5b623e2c390cf
-
SHA1
8f05ab45296839473b91afd9f4ad158f6bd1c2ba
-
SHA256
f03cfa30317eefbc658e645242cf7be5a3d012cc26d91f04284b80127d07b6ce
-
SHA512
894691078f834e5038c03ab32d46fee12719af18357c48cdd9b511c196828b9e64d8d10a563aac7693eb024fd968fcb2085af03b9072acf7eb58bb9f0888f88c
-
SSDEEP
3072:sl8NLawRLUhJ5hX6YMnfaJJZ4s2/nIVzW+5SeAddxZtJ/SRLjw7RkxmJZs:tLFRLk7J/4BEW+ce6dxPJ/SZGymI
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation