Overview

overview

10

Static

static

8dd5ec6332...25.exe

windows7-x64

10

8dd5ec6332...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8dd5ec6332a698f00b2feb4b74fcf185a6905bce3e18bd998d1ea8ba0e354525

  • Size

    139KB

  • Sample

    221225-v38nrsbg92

  • MD5

    a952569ccfada30a58d573b8776730ef

  • SHA1

    4deb1d329d211f7b667b25ead149ab9df2c3f737

  • SHA256

    4c01d44656e84d5b6a3fb681d5cca1cec93eb701fdb0931ccdaa28e305b2330e

  • SHA512

    5c74e6df3199cadfc0c5a2d0ed40d6a6c28e58cc10e57bc2a5a7d76059f533aba40251467798351870e07fcbd14d34f0fa0199a12ea3a2373df96ee5ebdec733

  • SSDEEP

    3072:7yr8bcUau0ECFIV10+RVyh31b+JkqVeTfpTxpDZPy59:7x6BF+0ek6JFeTfpp6D

Score
10/10
redlinesmokeloader11backdoorinfostealerspywaretrojan

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      8dd5ec6332a698f00b2feb4b74fcf185a6905bce3e18bd998d1ea8ba0e354525

    • Size

      231KB

    • MD5

      eabaf86be2fa999dfada34f3c9e53c99

    • SHA1

      6a41e2a4452a19631b9ccac17496df40f867f6ec

    • SHA256

      8dd5ec6332a698f00b2feb4b74fcf185a6905bce3e18bd998d1ea8ba0e354525

    • SHA512

      c87b2ef8f7a914185f96836c6a5f6c36d3c3ebb771e934f81d4119df8659e3301775ae4bd59215817c11676ddffb221b7793802ebff7f8124f26058a10556f38

    • SSDEEP

      3072:TFciL5TkXE5HLjQO69QHD/PjoZBFp50dtJ//894w7RkxmJZs:T/L54XILkbQgZjkrJ/kmGymI

    Score
    10/10
    smokeloaderbackdoortrojanredline11infostealerspyware

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks