Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

d15d96837bf10c0103281e9372d8c4aed44088ce396692fca804216301201b56
Size

233KB
Sample

221226-ktpjescf65
MD5

a8427cd641063f710feeb5434267d8cf
SHA1

5ee55c6ee1f2d4e779e0043a84cdec06bc6f2259
SHA256

d15d96837bf10c0103281e9372d8c4aed44088ce396692fca804216301201b56
SHA512

353734315aa92f1b8c19bfb47fe9053d4449ad88ac17996774ca3d9a8197172822a3e359c4dd4dfbe91767cdc3096eb8adfecdcb3a655650e9c8f5a290be34b1
SSDEEP

3072:zlTqaLVex5HIsI9n44+MHfjOWUvnoht71gRzf2QjvOmlS1g/tK8g38xWA4LrcSb1:JLMBWhHqEt71gbJtK8iCqbIr

Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes

auth_value
107e09eee63158d2488feb03dac75204

Targets

- Target
  
  d15d96837bf10c0103281e9372d8c4aed44088ce396692fca804216301201b56
- Size
  
  233KB
- MD5
  
  a8427cd641063f710feeb5434267d8cf
- SHA1
  
  5ee55c6ee1f2d4e779e0043a84cdec06bc6f2259
- SHA256
  
  d15d96837bf10c0103281e9372d8c4aed44088ce396692fca804216301201b56
- SHA512
  
  353734315aa92f1b8c19bfb47fe9053d4449ad88ac17996774ca3d9a8197172822a3e359c4dd4dfbe91767cdc3096eb8adfecdcb3a655650e9c8f5a290be34b1
- SSDEEP
  
  3072:zlTqaLVex5HIsI9n44+MHfjOWUvnoht71gRzf2QjvOmlS1g/tK8g38xWA4LrcSb1:JLMBWhHqEt71gbJtK8iCqbIr
Score

10^/10

redline smokeloader 11 backdoor infostealer spyware trojan
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Scripting

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

redlinesmokeloader11backdoorinfostealerspywaretrojan