redline | aab78d3f899984c0aac525eacf9182516b151687c14002c86b9ef1a0d1418fbf | Triage

Sharing

General

Target

aab78d3f899984c0aac525eacf9182516b151687c14002c86b9ef1a0d1418fbf
Size

231KB
Sample

221226-atx6fsfe3v
MD5

4241d9b921dc81f7b6362c7b2a6bb7c7
SHA1

fcb6e462061be8b82f0c9b4a8a56a009bce24dc2
SHA256

aab78d3f899984c0aac525eacf9182516b151687c14002c86b9ef1a0d1418fbf
SHA512

22751d12bf2301d4fdcc5a17f7946de4c04c99d8f08943bdd04dd1e7f7ebb40b859e0752a2cf4cfd480c7f5a3dab1d708bff2a73b6a1b3d90b497354f639671a
SSDEEP

6144:ALqjn2omFIXxEk69/HRdkAtK8M+KJbIr:AGjn2HFIh3CHRN48r

Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  aab78d3f899984c0aac525eacf9182516b151687c14002c86b9ef1a0d1418fbf
- Size
  
  231KB
- MD5
  
  4241d9b921dc81f7b6362c7b2a6bb7c7
- SHA1
  
  fcb6e462061be8b82f0c9b4a8a56a009bce24dc2
- SHA256
  
  aab78d3f899984c0aac525eacf9182516b151687c14002c86b9ef1a0d1418fbf
- SHA512
  
  22751d12bf2301d4fdcc5a17f7946de4c04c99d8f08943bdd04dd1e7f7ebb40b859e0752a2cf4cfd480c7f5a3dab1d708bff2a73b6a1b3d90b497354f639671a
- SSDEEP
  
  6144:ALqjn2omFIXxEk69/HRdkAtK8M+KJbIr:AGjn2HFIh3CHRN48r
Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinesmokeloader11backdoorinfostealerspywaretrojan