Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
Size

232KB
Sample

221226-keytjscf44
MD5

5e584245a4447107219c48f4d9be90af
SHA1

cef0260dca891d4de275c40f091d4fed1be2cd12
SHA256

3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
SHA512

c0e4a1c1f8907ba0f6e9512d5d2685e3807582b3a4a2474a9d5173891587715b363597d659c551896093fa6bc94e22f1926f86b5f59bd46509e2991bbc4ea3ab
SSDEEP

3072:rNOU/Ll55hE37Bwg2PpDNj/hAvlS1g/tK8iHAaLrcSb54VIcVTuh:7LllE37Bw9xDfARtK8iHAsbIr

Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
- Size
  
  232KB
- MD5
  
  5e584245a4447107219c48f4d9be90af
- SHA1
  
  cef0260dca891d4de275c40f091d4fed1be2cd12
- SHA256
  
  3a99389b880ae3f89214477a855bb16090ca2b50816c864527ea9bf97f1ef182
- SHA512
  
  c0e4a1c1f8907ba0f6e9512d5d2685e3807582b3a4a2474a9d5173891587715b363597d659c551896093fa6bc94e22f1926f86b5f59bd46509e2991bbc4ea3ab
- SSDEEP
  
  3072:rNOU/Ll55hE37Bwg2PpDNj/hAvlS1g/tK8iHAaLrcSb54VIcVTuh:7LllE37Bw9xDfARtK8iHAsbIr
Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redlinesmokeloader11backdoorinfostealerspywaretrojan